A newly documented cache deception attack exploits subtle discrepancies between caching layers and origin servers to expose sensitive endpoints and deliver malicious payloads.
By leveraging path normalization divergences and unconventional delimiters, attackers can trick content delivery networks (CDNs) into caching unauthorized responses while the...
A whistleblower disclosure filed by the Social Security Administration's Chief Data Officer has raised critical concerns about the Department of Government Efficiency (DOGE) allegedly creating an unauthorized live copy of over 300 million Americans' Social Security information in an unsecured cloud environment, potentially exposing...
A critical security bulletin warns that attackers are actively exploiting a zero-day remote code execution vulnerability in NetScaler ADC and Gateway products.
The vulnerability, tracked as CVE-2025-7775, has achieved a critical CVSS v4.0 base score of 9.2 and enables attackers to execute arbitrary code remotely...
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PHP library PhpSpreadsheet, allowing attackers to inject arbitrary HTML content that triggers HTTP requests from the server.
Tracked as CVE-2025-54370 and published under GitHub Security Advisory GHSA-rx7m-68vc-ppxh, the vulnerability affects a...
In a coordinated statement issued today, the Maryland Transit Administration (MTA) and the Maryland Department of Information Technology (DoIT) confirmed that they are investigating a cybersecurity breach that has resulted in unauthorized access to critical systems.
As dedicated teams work to contain the threat,...
On August 21, 2025, the French retail giant Auchan disclosed a significant cybersecurity breach affecting “several hundred thousand” customer loyalty accounts.
In a statement issued Thursday evening, the company confirmed the theft of personal data but emphasized that no banking or payment information was...