A severe security vulnerability has been discovered in SUSE Manager that allows unauthenticated attackers to execute arbitrary commands with root privileges through an exposed websocket endpoint.
The vulnerability, tracked as CVE-2025-46811, has been assigned a critical CVSS score of 9.3 and affects multiple versions...
A zero-day vulnerabilities in two discontinued network devices, demonstrating the persistent security risks posed by end-of-life hardware.
The team won runner-up for "Most Innovative Exploitation Technique" at DistrictCon's inaugural Junkyard competition in February 2025, showcasing how abandoned devices become perfect targets for attackers when...
Cybersecurity researchers at Netskope Threat Labs have discovered a new version of the XWorm malware, designated as version 6.0, which introduces enhanced evasion capabilities and process protection mechanisms targeting Windows systems.
This latest variant represents a significant evolution from the previously documented version 5.6, incorporating...
A critical zero-day vulnerability in CrushFTP has been disclosed, allowing attackers to achieve remote code execution without authentication.
The vulnerability, tracked as CVE-2025-54309, has received a maximum CVSS score of 9.8 and affects the software's DMZ proxy functionality.
Security researchers have released a proof-of-concept...
Palo Alto Networks announced a definitive agreement to acquire CyberArk Software for approximately $25 billion, marking the cybersecurity giant's formal entry into Identity Security and establishing it as a core pillar of their multi-platform strategy.
The acquisition combines CyberArk's leadership in Identity Security and...
North Korean state-sponsored threat actors operating under the TraderTraitor moniker have escalated their cryptocurrency theft operations, successfully stealing over $1.8 billion through sophisticated supply chain compromises and cloud platform infiltrations in 2024-2025.
The group, identified as a subgroup of the notorious Lazarus Group, has...