Security researcher Lyra Rebane has uncovered a powerful new clickjacking technique using SVG filters.
This method, dubbed "SVG clickjacking," overlays interactive fake interfaces on cross-origin iframes to trick users into performing complex actions, such as filling out forms or entering data.
Traditional clickjacking hides buttons...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-26828 to its Known Exploited Vulnerabilities (KEV) catalog on December 3, 2025, confirming active exploitation in the wild.
This flaw affects OpenPLC ScadaBR, an open-source supervisory control and data acquisition (SCADA) platform used in industrial...
Security researchers chained three vulnerabilities in Synology BeeStation devices to enable unauthenticated attackers to remotely gain root access.
The chain was first demonstrated at Pwn2Own 2024 by DEVCORE, and independent analyst kiddo-pwn published an N-day exploit highlighting a creative SQLite injection method targeting the cron task scheduler.
Vulnerability Chain
The...
Arizona Attorney General Kris Mayes has filed a landmark lawsuit against Chinese e-commerce giant Temu and its parent company, PDD Holdings Inc., accusing them of massive consumer data theft and privacy violations.
Filed on December 2, 2025, in Maricopa County Superior Court, the suit...
India's Department of Telecommunications (DoT) has issued a directive mandating continuous SIM binding for popular messaging apps, requiring an active SIM card in the device for services to function and periodic logouts for web versions.
This measure targets vulnerabilities exploited by cybercriminals in scams...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert for a remote code execution (RCE) vulnerability in Industrial Video & Control's Longwatch software.
Released on December 2, 2025, as ICSA-25-336-01, the flaw affects video surveillance and monitoring systems used in...