Ethan Brooks is a senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PHP library PhpSpreadsheet, allowing attackers to inject arbitrary HTML content that triggers HTTP requests from the server.
Tracked as CVE-2025-54370 and published under GitHub Security Advisory...
In a coordinated statement issued today, the Maryland Transit Administration (MTA) and the Maryland Department of Information Technology (DoIT) confirmed that they are investigating a cybersecurity breach that has resulted in unauthorized access to critical systems.
As dedicated teams...
On August 21, 2025, the French retail giant Auchan disclosed a significant cybersecurity breach affecting “several hundred thousand” customer loyalty accounts.
In a statement issued Thursday evening, the company confirmed the theft of personal data but emphasized that no...
A massive coordinated campaign is targeting Microsoft Remote Desktop Protocol (RDP) services, with nearly 2,000 malicious IP addresses conducting simultaneous reconnaissance attacks against authentication portals.
The unprecedented surge represents a 400-fold increase from normal baseline activity and signals potential preparations...
The Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025, highlighting active exploitation of critical vulnerabilities affecting Citrix Session Recording and Git systems.
The additions include...
A detailed proof-of-concept exploit and vulnerability analysis for CVE-2025-43300, a critical zero-click remote code execution vulnerability affecting Apple devices.
The vulnerability, which Apple acknowledges may have been exploited in sophisticated targeted attacks, represents one of the most dangerous iOS...