NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2023-6215 HP, Inc. - HP Sure Star...

The gang, which identifies itself as Radiant, reported on the attack on its dark web portal last month. It evidenced its claim by publishing the names, photos, home addresses, and family contact in...

One of the bugs, known as ‘The Year 2038 problem’ and Y2K38, could cause computers to malfunction on January 19, 2038. The issue affects systems that use a 32-bit integer to store time as the numbe...

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen...

OpenAI has banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts. “What we saw and banned in tho...

A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single l...

A team of researchers from the University of California, Irvine, has discovered a security risk right on your desk. It turns out that your high-performance computer mouse, an item you probably trus...

This exposes the servers to the exploitation of the newly discovered CVE-2025-49844 (CVSS score of 10/10), named RediShell, a use-after-free issue that may allow authenticated attackers to execute ...

A 13-year-old critical remote code execution (RCE) vulnerability in Redis, dubbed RediShell, allows attackers to gain full access to the underlying host system. The flaw, tracked as CVE-2025-49844,...

The report emphasizes how the threat landscape is maturing, characterized by the rapid exploitation of vulnerabilities, the professionalization of cybercrime, and the increasing convergence between...

A new data leak site hosted on the TOR network has been launched by the “Trinity of Chaos” – a ransomware collective allegedly tied to the Lapsus$, Scattered Spider and ShinyHunters groups. The co...

Cybersecurity researchers at WatchTowr have published their analysis revealing a vulnerability in Dell UnityVSA, tracked as CVE-2025-36604. The flaw allows an attacker with no authentication to iss...

BIETA and its subsidiary, Beijing Sanxin Times Technology Co., Ltd. (CIII), research, develop, import, and sell technologies that almost certainly support intelligence, counterintelligence, militar...

Tracked as CVE-2025-10035, this security flaw impacts Fortra’s web-based secure transfer GoAnywhere MFT tool, caused by a deserialization of untrusted data weakness in the License Servlet. This vul...

A new report from Booz Allen Hamilton identified that the People’s Republic of China (PRC) has developed a sophisticated and persistent cyber acceleration strategy that enables it to conduct global...

A newly disclosed vulnerability, named the WireTap attack, allows attackers with physical access to break the security of Intel’s Software Guard eXtensions (SGX) on modern server processors and ste...

Threat actors exploited CVE-2025-27915, a cross-site scripting (XSS) vulnerability in ZCS 9.0, 10.0, and 10.1, to deliver a JavaScript payload onto target systems. The vulnerability stems from insu...

Attackers can weaponize AWS X-Ray as a covert bidirectional C2 channel, abusing legitimate cloud tracing infrastructure for C2.\n\nAWS X-Ray was designed to help developers to understand applicatio...

Discord issued an official update on October 3, 2025, explaining that an attacker successfully compromised the systems of a third-party customer service provider (apparently Zendesk), gaining unaut...

Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link...