ALL POSTS

Key Findings A critical vulnerability (CVE-2025-56005) with a CVSS score of 9.8 has been discovered in the PLY (Python Lex-Yacc) library, a popular parsing library used in the Python community. The vulnerability allows Remote Code Execution (RCE) and stems from an undocumented "picklefile" parameter in the `yacc()` function. The issue is caused by the unsafe deserialization of untrusted data using Python's `pickle.load()` method. The project's maintainer, David Beazley, has a

Key Findings: A critical vulnerability has been discovered in the Linux kernel's x86 page fault handling mechanism, existing since 2020. The flaw was caused by inconsistent disabling of hardware interrupts, leading to potential catastrophic scenarios. The vulnerability was not limited to user-space address errors, but involved a more complex interplay between address ranges and execution context. The remediation required a fundamental shift in approach, moving away from selec

Key Findings A public proof-of-concept (PoC) exploit has been released for a critical vulnerability in the Android operating system. The vulnerability allows malicious applications to escalate their privileges and gain access to sensitive permissions without the user's knowledge or consent. The vulnerability affects both the main Android OS as well as the WearOS platform, putting a wide range of Android devices at risk. The exploit has been confirmed to work on multiple Andro

Key Findings A critical Remote Code Execution (RCE) vulnerability with a CVSS score of 9.8 has been discovered in the Laravel Reverb framework. The vulnerability, which allows unauthenticated attackers to execute arbitrary code, affects an estimated 7 million websites and applications that use the Laravel Reverb framework. The vulnerability is caused by insecure deserialization of user-supplied data, which can lead to remote code execution. Successful exploitation of this vul

Key Findings Researchers at watchTowr Labs have discovered a critical vulnerability in SmarterMail, tracked as WT-2026-0001, that allows unauthenticated attackers to hijack administrative accounts and achieve full Remote Code Execution (RCE). The vulnerability lies within the force-reset-password API endpoint, which fails to implement proper security checks for system administrators. Attackers can simply send a JSON request with IsSysAdmin set to true, the target username, an

Key Findings GitLab has released urgent security updates to address several high-severity vulnerabilities, including a critical two-factor authentication (2FA) bypass flaw and multiple denial-of-service (DoS) issues. The 2FA bypass vulnerability (CVE-2026-0723) could allow an attacker to bypass the authentication mechanism designed to protect accounts, potentially leading to account takeovers. The DoS vulnerabilities affect various GitLab components, including the Jira Connec

Key Findings Cybersecurity researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer malware. By exploiting the flaw, researchers were able to collect system fingerprints, monitor active sessions, and steal cookies from the infrastructure designed for cookie theft. StealC is a malware-as-a-service (MaaS) offering that emerged in January 2023, leveraging YouTube as a primary distribution

Key Findings: Cybersecurity researchers at Miggo Security have disclosed a security vulnerability in Google Gemini that allows unauthorized access to users' private calendar data. The vulnerability, dubbed "Indirect Prompt Injection," enables threat actors to craft malicious calendar invites that can bypass Google Calendar's privacy controls. When a user asks Gemini a seemingly innocent question about their schedule, the AI chatbot is tricked into parsing the malicious prompt

Key Findings Researchers have disclosed a new hardware vulnerability, codenamed "StackWarp", affecting AMD Zen 1 through Zen 5 processors. The flaw can be exploited to bypass AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) protections, allowing attackers to run malicious code within confidential virtual machines (CVMs). StackWarp targets a synchronization bug in the CPU's stack engine, a microarchitectural optimization responsible for accelerated sta

Key Findings Apache has patched a vulnerability (CVE-2025-60021) in its bRPC C++ RPC framework The flaw allows remote command injection by manipulating the `extra_options` parameter in the `/pprof/heap` endpoint The vulnerability affects bRPC versions 1.11.0 through 1.14.0, and is rated as "Important" bRPC is widely used in high-performance systems for search, storage, ML, advertising, and recommendation Successful exploitation could allow attackers to execute remote commands

Key Findings Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal. A proof-of-concept (PoC) exploit for the vulnerability exists. The flaw allows an unauthenticated attacker to cause a denial-of-service (DoS) condition that can force the firewall into maintenance mode, disrupting network traffic and firewall protection. The vulnerability affects multiple versions of Palo Alto Network

Key Findings Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. The flaw allows for OS command injection via crafted TCP requests to the phMonitor service running on port 7900. Fortinet has also patched a critical vulnerability in FortiFone (CVE-2025-47

Key Findings A critical vulnerability (CVE-2025-12420) has been discovered in the ServiceNow AI Platform, allowing unauthenticated attackers to impersonate legitimate users. The vulnerability has a severity score of 9.3 out of 10 and poses a significant risk of privilege escalation. ServiceNow has released security updates to address the flaw, but self-hosted customers and partners need to take immediate action. Background The vulnerability, dubbed CVE-2025-12420, is a failur

Key Findings Trend Micro patched three vulnerabilities (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console. The most severe issue is a LoadLibraryEX remote code execution (RCE) vulnerability tracked as CVE-2025-69258, with a CVSS score of 9.8. The other vulnerabilities are an unchecked NULL return value Denial of Service (DoS) issue (CVE-2025-69259) and a message out-of-bounds read Denial of Service (DoS) flaw (CVE-2025-69260), both with a

Key Findings A critical vulnerability (CVE-2026-21858, CVSS score of 10.0) has been discovered in the n8n workflow automation platform, dubbed "Ni8mare" by researchers. The flaw allows unauthenticated attackers to fully compromise affected n8n instances, exposing sensitive data and potentially leading to further system compromise. The vulnerability affects all versions of n8n prior to and including 1.65.0, and it was fixed in n8n version 1.121.0 in November 2025. Background n

Key Findings: Veeam has released security updates to address critical vulnerabilities in its Backup & Replication software, including a flaw with a CVSS score of 9.0 that could allow remote code execution (RCE). The most severe vulnerability, CVE-2025-59470 (CVSS 9.0), enables a Backup or Tape Operator to achieve RCE as the postgres user by sending a malicious interval or order parameter. Three other vulnerabilities, CVE-2025-55125 (CVSS 7.2), CVE-2025-59469 (CVSS 7.2), and C

Key Findings Hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2026-0625 (CVSS score: 9.3), in legacy D-Link DSL routers. The flaw is an improper neutralization of special elements used in an OS Command, allowing unauthenticated remote attackers to inject and execute arbitrary shell commands. The vulnerable endpoint, dnscfg.cgi, is also associated with unauthenticated DNS modification ("DNSChanger") behavior documented by D-Link. Exploi

Key Findings A critical vulnerability (CVSS score 9.8) has been discovered in the Harvester Hyperconverged Infrastructure (HCI) platform. The flaw allows remote attackers to gain unauthorized access to new servers during the installation process using default credentials. Successful exploitation could enable attackers to completely compromise the affected servers and leverage them for further malicious activities. Background Harvester is an open-source HCI solution built on t

Key Findings The RondoDox botnet has been conducting a persistent nine-month campaign targeting IoT devices and web applications. The botnet has been exploiting the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) vulnerability in Next.js and React Server Components (RSC) to achieve remote code execution on susceptible devices. There are about 90,300 instances that remain vulnerable to React2Shell globally, with the majority (68,400) located in the U.S. The R

Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the MongoDB vulnerability CVE-2025-14847, known as "MongoBleed," to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, with a CVSS score of 8.7, allows unauthenticated, remote attackers to execute arbitrary code on vulnerable MongoDB servers. Over 87,000 potentially vulnerable MongoDB instances have been identified worldwide, primarily located in the U.S., China, Germany