GitLab Issues High-Severity 2FA Bypass and DoS Flaws, Urgent Update Patches
Key Findings GitLab has released urgent security updates to address several high-severity vulnerabilities, including a critical two-factor authentication (2FA) bypass flaw and multiple denial-of-service (DoS) issues. The 2FA bypass vulnerability (CVE-2026-0723) could allow an attacker to bypass the authentication mechanism designed to protect accounts, potentially leading to account takeovers. The DoS vulnerabilities affect various GitLab components, including the Jira Connec
Jan 21 · 2 min read
Researchers Spy on Threat Actor Operations Due to Security Bug in StealC Malware Panel
Key Findings Cybersecurity researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer malware. By exploiting the flaw, researchers were able to collect system fingerprints, monitor active sessions, and steal cookies from the infrastructure designed for cookie theft. StealC is a malware-as-a-service (MaaS) offering that emerged in January 2023, leveraging YouTube as a primary distribution
Jan 19 · 3 min read
Google Gemini AI Exploited to Expose Private Calendar Data
Key Findings: Cybersecurity researchers at Miggo Security have disclosed a security vulnerability in Google Gemini that allows unauthorized access to users' private calendar data. The vulnerability, dubbed "Indirect Prompt Injection," enables threat actors to craft malicious calendar invites that can bypass Google Calendar's privacy controls. When a user asks Gemini a seemingly innocent question about their schedule, the AI chatbot is tricked into parsing the malicious prompt
Jan 19 · 2 min read
Critical Hardware Flaw in AMD CPUs: StackWarp Attack Compromises Zen 1–5 Security
Key Findings Researchers have disclosed a new hardware vulnerability, codenamed "StackWarp", affecting AMD Zen 1 through Zen 5 processors. The flaw can be exploited to bypass AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) protections, allowing attackers to run malicious code within confidential virtual machines (CVMs). StackWarp targets a synchronization bug in the CPU's stack engine, a microarchitectural optimization responsible for accelerated sta
Jan 19 · 2 min read
CVE-2025-60021: Apache bRPC Vulnerability Allows Remote Command Injection
Key Findings Apache has patched a vulnerability (CVE-2025-60021) in its bRPC C++ RPC framework. The flaw allows remote command injection by manipulating the `extra_options` parameter in the `/pprof/heap` endpoint. The vulnerability affects bRPC versions 1.11.0 through 1.14.0, and is rated as "Important". bRPC is widely used in high-performance systems for search, storage, ML, advertising, and recommendation. Successful exploitation could allow attackers to execute remote commands
Jan 17 · 1 min read
Palo Alto Networks Fixes GlobalProtect Flaw Allowing Unauthenticated Denial of Service
Key Findings Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal. A proof-of-concept (PoC) exploit for the vulnerability exists. The flaw allows an unauthenticated attacker to cause a denial-of-service (DoS) condition that can force the firewall into maintenance mode, disrupting network traffic and firewall protection. The vulnerability affects multiple versions of Palo Alto Network
Jan 15 · 2 min read
Fortinet Fixes Critical FortiSIEM Vulnerabilities
Key Findings Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. The flaw allows for OS command injection via crafted TCP requests to the phMonitor service running on port 7900. Fortinet has also patched a critical vulnerability in FortiFone (CVE-2025-47
Jan 14 · 2 min read
CVE-2025-12420: Critical ServiceNow Flaw Enables Unauthenticated Impersonation
Key Findings A critical vulnerability (CVE-2025-12420) has been discovered in the ServiceNow AI Platform, allowing unauthenticated attackers to impersonate legitimate users. The vulnerability has a severity score of 9.3 out of 10 and poses a significant risk of privilege escalation. ServiceNow has released security updates to address the flaw, but self-hosted customers and partners need to take immediate action. Background The vulnerability, dubbed CVE-2025-12420, is a failur
Jan 13 · 2 min read
Trend Micro addresses critical security flaws in on-premises Apex Central
Key Findings Trend Micro patched three vulnerabilities (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console. The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258, with a CVSS score of 9.8. The other vulnerabilities are an unchecked NULL return value Denial of Service (DoS) issue (CVE-2025-69259) and a message out-of-bounds read Denial of Service (DoS) flaw (CVE-2025-69260), both with a
Jan 9 · 2 min read
Ni8mare flaw gives unauthenticated control of n8n instances: A Critical Vulnerability (CVSS 10.0)
Key Findings A critical vulnerability (CVE-2026-21858, CVSS score of 10.0) has been discovered in the n8n workflow automation platform, dubbed "Ni8mare" by researchers. The flaw allows unauthenticated attackers to fully compromise affected n8n instances, exposing sensitive data and potentially leading to further system compromise. The vulnerability affects all versions of n8n prior to and including 1.65.0, and it was fixed in n8n version 1.121.0 in November 2025. Background n
Jan 7 · 2 min read
Veeam Backup & Replication Patched against Critical RCE Vulnerabilities
Key Findings: Veeam has released security updates to address critical vulnerabilities in its Backup & Replication software, including a flaw with a CVSS score of 9.0 that could allow remote code execution (RCE). The most severe vulnerability, CVE-2025-59470 (CVSS 9.0), enables a Backup or Tape Operator to achieve RCE as the postgres user by sending a malicious interval or order parameter. Three other vulnerabilities, CVE-2025-55125 (CVSS 7.2), CVE-2025-59469 (CVSS 7.2), and C
Jan 7 · 2 min read
Exploiting Critical RCE Vulnerability in Outdated D-Link DSL Routers
Key Findings Hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2026-0625 (CVSS score: 9.3), in legacy D-Link DSL routers. The flaw is an improper neutralization of special elements used in an OS Command, allowing unauthenticated remote attackers to inject and execute arbitrary shell commands. The vulnerable endpoint, dnscfg.cgi, is also associated with unauthenticated DNS modification ("DNSChanger") behavior documented by D-Link. Exploi
Jan 7 · 2 min read
Critical 9.8 Severity Flaw in Harvester Allows Hackers to Hijack New Servers: The Open Door
Key Findings A critical vulnerability (CVSS score 9.8) has been discovered in the Harvester Hyperconverged Infrastructure (HCI) platform. The flaw allows remote attackers to gain unauthorized access to new servers during the installation process using default credentials. Successful exploitation could enable attackers to completely compromise the affected servers and leverage them for further malicious activities. Background Harvester is an open-source HCI solution built on t
Jan 6 · 1 min read
React2Shell under attack: RondoDox Botnet spreads through critical flaw
Key Findings The RondoDox botnet has been conducting a persistent nine-month campaign targeting IoT devices and web applications. The botnet has been exploiting the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) vulnerability in Next.js and React Server Components (RSC) to achieve remote code execution on susceptible devices. There are about 90,300 instances that remain vulnerable to React2Shell globally, with the majority (68,400) located in the U.S. The R
Jan 2 · 2 min read
MongoBleed: Over 80,000 Servers at Risk of Active Exploitation
Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the MongoDB vulnerability CVE-2025-14847, known as "MongoBleed," to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, with a CVSS score of 8.7, allows unauthenticated, remote attackers to execute arbitrary code on vulnerable MongoDB servers. Over 87,000 potentially vulnerable MongoDB instances have been identified worldwide, primarily located in the U.S., China, Germany
Dec 30, 2025 · 2 min read
Critical 0day flaw Exposes Thousands of XSpeeder Devices
Key Findings Vulnerability CVE-2025-54322 in XSpeeder networking devices allows for remote root access without a password. The vulnerability earned a perfect 10.0 (Critical) CVSS score, the highest possible threat rating. The vulnerability was discovered by the research firm pwn.ai using its proprietary AI tool. Over 70,000 XSpeeder devices are currently exposed online due to this vulnerability. Despite the research team's 7-month effort to notify the vendor, XSpeeder has not
Dec 29, 2025 · 2 min read
MongoBleed Exploit Allows Unauthenticated Attackers to Drain MongoDB Memory - PoC Released
Key Findings A critical vulnerability, tracked as CVE-2025-14847, has been discovered in MongoDB, a popular open-source database system. The flaw, dubbed "MongoBleed," allows remote, unauthenticated attackers to read sensitive contents from the server's memory (heap), potentially exposing internal states and pointers. The vulnerability lies in how MongoDB handles Zlib compressed protocol headers, where the server blindly trusts the length claimed by a client, even when it doe
Dec 29, 2025 · 2 min read
AI Agents Uncover Critical Zero-Day in Global Networking Gear
Key Findings Autonomous AI agents discovered a critical, unpatched vulnerability (CVE-2025-54322) in networking gear manufactured by Xspeeder, a Chinese vendor known for routers and SD-WAN appliances. The vulnerability is a pre-authentication Remote Code Execution (RCE) flaw with a CVSS score of 10. This is the first remotely exploitable zero-day vulnerability discovered by an automated AI platform, according to the report. The vulnerable firmware, SXZOS, powers Xspeeder's SD
Dec 29, 2025 · 2 min read
CVE-2025-68666 - LangChain serialization injection vulnerability in data utilities
Key Findings: A critical security flaw (CVE-2025-68664) has been disclosed in LangChain Core that could enable attackers to steal sensitive secrets and influence large language model (LLM) responses through prompt injection. The vulnerability, tracked as CVE-2025-68664, carries a CVSS score of 9.3 out of 10.0. The vulnerability is caused by a serialization injection issue in the `dumps()` and `dumpd()` functions of LangChain, which fail to properly escape dictionaries with "l
Dec 26, 2025 · 2 min read
CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution
Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw in Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2023-52163, has a CVSS score of 8.8 and allows post-authentication remote code execution through a case of command injection. CISA cited evidence of active exploitation of the flaw by threat actors to deliver botnets like Mirai and S
Dec 26, 2025 · 2 min read