Mozilla released Firefox 142 on August 19, 2025, addressing multiple critical security vulnerabilities that could enable remote code execution and sandbox escape attacks.
The security update patches nine CVEs, with three classified as high-severity vulnerabilities that could allow attackers to execute arbitrary code on...
A critical vulnerability in the widely-used LSQUIC QUIC implementation that allows attackers to crash servers through memory exhaustion before any connection handshake is established.
The vulnerability, designated CVE-2025-54939 and dubbed "QUIC-LEAK," bypasses all standard QUIC protection mechanisms and affects the second most popular QUIC...
Noah Urban, better known by his online alias "King Bob," has become the first member of the notorious Scattered Spider cybercrime gang to receive federal prison time, marking a significant milestone in law enforcement's battle against sophisticated cybercriminal organizations.
The 20-year-old from Palm Coast, Florida, was...
Okta has launched the Auth0 Customer Detection Catalog, an open-source repository containing detection rules specifically designed to help security teams at Auth0 customer organizations proactively identify and respond to emerging security threats.
The catalog is now publicly available on GitHub and serves as a...
A critical security vulnerability in Microsoft's M365 Copilot allowed users to access sensitive files without generating audit log entries, effectively enabling insider threats to operate undetected.
The vulnerability, discovered in July and quietly patched in August, highlights serious concerns about audit trail integrity and...
A critical security vulnerability in Lenovo's AI-powered chatbot "Lena" has exposed the company's corporate systems to potential cyberattacks, allowing malicious actors to execute unauthorized scripts and steal sensitive session data through simple prompt manipulation.
The vulnerability, discovered by Cybernews researchers, demonstrates how inadequate security...