The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of a high-severity authentication flaw in Iskra's iHUB and iHUB Lite intelligent metering gateways.
Described in advisory ICSA-25-336-02, released on December 2, 2025, the vulnerability enables remote attackers to reconfigure...

The Django project released security updates 5.2.9, 5.1.15, and 4.2.27 on December 2, 2025, addressing two vulnerabilities.
Posted by maintainer Natalia Bidart, these updates fix a high-severity SQL injection risk on PostgreSQL and a moderate-severity denial-of-service (DoS) flaw in the XML serializer....

ANYRUN and NorthScan have exposed the inner workings of North Korea's Lazarus Group through a bold honeypot operation.
Researchers captured live video of attackers using fake corporate laptops, revealing their full recruitment and attack pipeline.
This marks the first time Lazarus operators linked to...

Faizan Ahmad, a security expert at Meta, launched Rogue on GitHub under the GPL-3.0 license.
This Python-based tool uses OpenAI models such as o4-mini, o3-mini, and o1-preview to find web vulnerabilities more effectively than older scanners.
Rogue acts like a human tester by studying...

A critical flaw in the popular open-source eCommerce platform nopCommerce exposes users to session hijacking attacks.
Security researchers at CERT have issued Vulnerability Note VU#633103, detailing how the platform fails to invalidate session cookies after logout or session termination.
Tracked as CVE-2025-11699, this issue...

OpenVPN, a popular open-source VPN solution, has patched multiple flaws in its recent releases that expose users to denial-of-service (DoS) attacks and security bypasses.
Versions 2.6.17 and 2.7_rc3, released on November 28, 2025, address issues including a local DoS on Windows systems and remote...