ALL POSTS

Key Findings SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication: CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods CVE-2025-40553 (CVSS 9.8

Key Findings: The North Korean threat actor Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary's expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations. Konni, also tracked as Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia, has been

Key Findings A 16TB unsecured MongoDB database exposed about 4.3 billion professional records, mainly LinkedIn-style data The database was discovered by researchers Bob Diachenko and nexos.ai on November 23, 2025 and secured two days later The database contained 9 collections with at least 3 exposing nearly 2 billion personal records including names, emails, phone numbers, LinkedIn links, job roles, employers, work history, education, locations, skills, languages, and social

Key Findings A critical vulnerability, CVE-2025-8489 (CVSS score of 9.8), has been discovered in the WordPress plugin King Addons for Elementor. The flaw allows unauthenticated users to register and instantly gain admin privileges on WordPress sites. Threat actors are actively exploiting the vulnerability, with the Wordfence Firewall blocking over 48,400 exploit attempts since the issue was disclosed. The vulnerability is a privilege escalation issue in versions 24.12.92 to 5

Key Findings North Korean threat actors behind the Contagious Interview campaign have adopted a new tactic of using JSON storage services to host and deliver malware. The campaign involves approaching targets on professional networking sites under the pretext of a job assessment or project collaboration, instructing them to download a demo project hosted on platforms like GitHub, GitLab, or Bitbucket. In one such project, a file named "server/config/.config.env" contains a Ba