Apache bRPC versions before 1.15.0 are vulnerable to a critical remote denial-of-service flaw that allows attackers to crash servers by exploiting uncontrolled recursion in the json2pb component.
The vulnerability, tracked as CVE-2025-59789 and discovered by Tyler Zars, affects all platforms running vulnerable versions of...

Attackers can abuse Microsoft Teams guest chat to lure employees into “protection‑free” environments where Defender for Office 365 no longer shields them from malicious links or files.
The issue stems from how cross‑tenant collaboration is designed, not from an exploitable bug in Teams itself.
How...

GitLab released patch versions 18.6.1, 18.5.3, and 18.4.5 for Community Edition (CE) and Enterprise Edition (EE) to address critical security flaws.
These updates fix high-severity vulnerabilities, such as a race condition in CI/CD caching and multiple denial-of-service (DoS) issues that could disrupt services.
Administrators...

A serious flaw in Angular's HTTP Client exposes users' XSRF tokens to attacker-controlled sites, enabling CSRF attacks that bypass built-in protections.
Tracked as CVE-2025-66035 with a CVSS score of 7.5 (High severity), this issue affects the @angular/standard package.
It stems from the mishandling of...

A serious denial-of-service (DoS) flaw in Next.js lets attackers crash self-hosted servers with a single HTTP request, using almost no resources on their end.
Security firm Harmony Intelligence found the issue while testing an AI tool, and it affects versions up to 15.5.4.
Next.js powers...

Security teams using Apache Syncope face a new risk. A flaw in this open-source identity management tool allows attackers to steal user passwords from its internal database.
Tracked as CVE-2025-65998, the issue has "Important" severity. Researchers urge quick upgrades to block password theft.
Apache Syncope...