A single leaked client secret embedded in Synology’s “Active Backup for Microsoft 365” (ABM) has given would-be attackers unfettered read-only access to every Microsoft 365 tenant that deployed the add-on, exposing group and Microsoft Teams content across more than 1.2 million installations.
During a red-team...
Cybersecurity researchers have released Zig Strike, a sophisticated offensive toolkit designed to test organizational defenses by bypassing modern security solutions including antivirus (AV), next-generation antivirus (NGAV), and Endpoint Detection and Response (XDR/EDR) systems.
The toolkit, developed over six months, represents a significant evolution in...
A newly discovered set of critical vulnerabilities affecting millions of Bluetooth headphones and earbuds from major manufacturers has exposed users to potential eavesdropping and device hijacking attacks.
Security researchers have identified serious vulnerabilities in devices using Airoha Systems on a Chip (SoCs), which power...
WhatsApp is set to introduce a groundbreaking new feature called Message Summaries, designed to help users efficiently manage their communication overflow.
The feature leverages Meta AI technology to provide quick, private summaries of unread messages, addressing the common challenge of staying caught up in...
IBM has disclosed a critical security vulnerability in its WebSphere Application Server that could allow remote attackers to execute arbitrary code on affected systems.
The vulnerability, designated as CVE-2025-36038, was initially published on June 25, 2025, with a corrected CVE identifier issued the same...
Cisco has issued a critical advisory for its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC), revealing two unauthenticated remote code execution vulnerabilities that allow attackers to execute commands as root on affected systems.
The vulnerabilities, which hold a maximum CVSS severity rating...