Grafana released emergency patches for a critical SCIM vulnerability (CVE-2025-41115) that allows attackers to escalate privileges or impersonate admins in Grafana Enterprise.
The flaw, scored CVSS 10.0, affects versions 12.0.0 through 12.2.1 when SCIM provisioning is enabled.
Grafana Labs disclosed it alongside the Enterprise...
The United States, Australia, and the United Kingdom imposed coordinated sanctions on November 19, 2025, targeting Media Land LLC, a Russia-based bulletproof hosting (BPH) provider in St. Petersburg that supports ransomware groups like LockBit, BlackSuit, and Play, along with distributed denial-of-service (DDoS) attacks on U.S....
N-able N-central, a popular remote monitoring and management (RMM) platform used by enterprises and managed service providers (MSPs), faces severe vulnerabilities that allow unauthenticated attackers to bypass authentication, write files, and disclose sensitive information via XML External Entity (XXE) injection.
These flaws, uncovered by...
Twonky Server version 8.5.2 contains two serious flaws that allow attackers to bypass authentication and steal admin credentials on Linux and Windows systems.
These issues, tracked as CVE-2025-13315 and CVE-2025-13316, allow remote attackers to extract encrypted admin passwords from logs and crack them using...
Ollama versions before 0.7.0 contain parsing flaws that allow attackers to execute arbitrary code by loading a crafted GGUF model through the API, and users should update immediately.
The issue stems from unsafe handling of untrusted metadata during model load, which enables an out-of-bounds...
AI coding assistants like Cline Bot promise to boost developer productivity. However, recent research reveals serious security gaps that could turn these tools into attack vectors.
Security firm Mindgard uncovered four vulnerabilities in the open-source Cline extension during a short audit in August 2025,...