Kali Vagrant Rebuilt, a streamlined toolchain for building and distributing pre-configured virtual machine (VM) images via HashiCorp Vagrant. By replacing Packer with an in-house DebOS-based solution, the Kali team has unified its VM build infrastructure, reduced external dependencies, and...

Mozilla released Firefox 142 on August 19, 2025, addressing multiple critical security vulnerabilities that could enable remote code execution and sandbox escape attacks. The security update patches nine CVEs, with three classified as high-severity vulnerabilities that could allow attackers...

A critical vulnerability in the widely-used LSQUIC QUIC implementation that allows attackers to crash servers through memory exhaustion before any connection handshake is established. The vulnerability, designated CVE-2025-54939 and dubbed "QUIC-LEAK," bypasses all standard QUIC protection mechanisms and affects...

Noah Urban, better known by his online alias "King Bob," has become the first member of the notorious Scattered Spider cybercrime gang to receive federal prison time, marking a significant milestone in law enforcement's battle against sophisticated cybercriminal organizations. The 20-year-old...

Okta has launched the Auth0 Customer Detection Catalog, an open-source repository containing detection rules specifically designed to help security teams at Auth0 customer organizations proactively identify and respond to emerging security threats. The catalog is now publicly available on...

A critical security vulnerability in Microsoft's M365 Copilot allowed users to access sensitive files without generating audit log entries, effectively enabling insider threats to operate undetected. The vulnerability, discovered in July and quietly patched in August, highlights serious concerns...