(CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.
A critical FreeType vulnerability (CVE-2025-27363) with a CVSS 8.1 score may be actively exploited—update to 2.13.3 now for ...
"On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including ...
ScarCruft, also called APT27 and Reaper, is a North Korean state-sponsored cyber espionage group active since 2012. Attack ...
UNC3886 exploits Juniper routers with six TinyShell-based backdoors, evading detection and maintaining persistence.
Microsoft fixes 57 security flaws, including six zero-days exploited in the wild. CISA mandates patches by April 1.
This article shares the latest trends and challenges in backup and disaster recovery by gathering data from over 3,000 IT ...
Microsoft warns of a phishing campaign using ClickFix to spread malware via fake Booking.com emails. Attackers exploit fake CAPTCHA pages to steal cre ...
GreyNoise reports 400+ IPs exploiting multiple SSRF vulnerabilities, targeting cloud services and global networks. Patch now.
AI is reshaping pentesting by automating tasks, enhancing efficiency, and empowering testers—without replacing them ...
Apple patches WebKit zero-day CVE-2025-24201, exploited in sophisticated attacks before iOS 17.2. Update secures iOS, macOS, ...
Ballista botnet exploits TP-Link router flaw CVE-2023-1389, infecting 6,000+ devices worldwide and evolving to use Tor.