A critical vulnerability in the command-and-control, or C2, infrastructure of the infamous DanaBot malware provided security analysts with an unprecedented opportunity to peer into the hidden operations of one of the world’s most persistent cybercriminal networks.
Dubbed “DanaBleed” by researchers, this flaw existed in...
A critical security flaw has recently been uncovered in Salesforce’s widely deployed platform exposing thousands of organizations to potential data breaches through a 0-day SOQL Injection vulnerability embedded within a default controller.
The discovery, highlighted by a private cybersecurity researcher, demonstrates how even core components of enterprise...
A highly targeted spear phishing campaign has struck Polish organizations this week, leveraging a known Roundcube webmail vulnerability (CVE-2024-42009) to compromise user accounts and steal credentials.
The operation, attributed with high confidence to the UNC1151 threat actor cluster linked by Mandiant and Google to...
Wireshark, the world’s most recognized and widely used network protocol analyzer, has recently come under scrutiny following the discovery of a critical vulnerability that could allow malicious actors to crash the software remotely.
This vulnerability, officially designated CVE-2025-5601 and informally known as the Dissection...
A new proof-of-concept exploit targeting CVE-2025-31650 in Apache Tomcat versions 10.1.10-10.1.39 has been publicly released, demonstrating a critical HTTP/2 priority header vulnerability that enables memory exhaustion attacks.
The exploit leverages malformed header injection to trigger catastrophic memory leaks in Tomcat's HTTP/2 implementation.
Exploit Mechanism and Technical Analysis
The...
A new cyber threat has emerged on the global stage as the Russian hacker collective known as Black Owl aggressively targets critical industries, specifically with the intent to steal sensitive financial data.
This group, though less publicized than some state-sponsored adversaries, has gained notoriety...