A massive breach at Moltbook exposed 1.5M API keys and 35,000 user emails due to a simple Supabase misconfiguration. Learn how "vibe coding" led to this critical security failure.
MongoBleed (CVE-2025-14847) exposes MongoDB servers to unauthenticated memory leaks due to a Zlib decompression flaw. Learn how attackers exploit uninitialized heap memory and how to patch immediately.
A critical Arbitrary Code Execution vulnerability (CVE-2025-68613) has been discovered in n8n, allowing attackers to execute arbitrary code via workflow expressions. Upgrade to v1.122.0 immediately.
The React2Shell saga continues with CVE-2025-55184. A new critical DDoS vulnerability in React Server Components allows unauthenticated attackers to crash servers via infinite loops. Update immediately.
React2Shell (CVE-2025-55182) exposes React Server Components to a critical Remote Code Execution flaw. Dive into the technical details, the exploitation mechanics, and the urgent remediation steps required to secure your infrastructure.
Urgent Alert: Grafana Enterprise CVE-2025-41115 (CVSS 10.0) allows full admin takeover via SCIM. Update to version 12.3.0 immediately. See the new affected versions and fix details here.
A massive supply chain risk lurks in the VS Code Marketplace. Learn how attackers use typosquatting to impersonate popular extensions and install malware directly into your IDE.
A critical, unauthenticated RCE vulnerability (CVE-2025-61882) in Oracle WebLogic Server is being actively exploited. Here is your immediate action plan.
A critical flaw in Entra ID (CVE-2025-55241) allowed attackers to impersonate anyone. This is a CISO's guide to the 'Actor Token' vulnerability, the attack chain, and how to hunt for compromise.
Anatomy of the mass NPM hijack that breached the internet's core. This CISO's guide details the attack, its impact, and the immediate action plan you must execute now.
A major supply chain attack via Salesloft and Drift has breached top companies. This guide walks you through the threat, the impact on Salesforce, and the immediate action plan you need.
A critical RCE vulnerability chain in NVIDIA Triton Inference Server (CVE-2025-23319) allows unauthenticated attackers to take full control. Learn how the attack works and how to defend your AI infrastructure.
Critical vulnerability in ServiceNow (CVE-2025-3648) allows a low-privilege user to gain full admin access. Learn how the 'Counter-Strike' attack works and how to mitigate it.
Critical SharePoint RCE (CVE-2025-53770): What SecOps teams must do right now, from patching to hunting the 'ToolShell' campaign. Your immediate action plan.
Critical, actively exploited zero-day RCE vulnerability in SharePoint Server (CVE-2025-53770). This is your guide to understanding, identifying, and mitigating the threat immediately.
Critical RCE vulnerability (CVE-2025-6514) in Anthropic's mcp-remote exposes developer machines. Learn how attackers can chain exploits to take control and why securing AI agents is paramount.
Discover Browser Cache Smuggling, a stealthy attack that uses your browser's cache to deliver malware and hijacks trusted apps like Microsoft Teams. Learn how it works and how to defend against it.
Uncover BadSuccessor: a critical Active Directory privilege escalation vulnerability in Windows Server 2025's dMSA feature. Learn how it works, detection, and mitigation.
Critical Commvault vulnerability (CVE-2025-34028) allows unauthenticated RCE in Command Center. Patch immediately to prevent full system compromise.
Unpacking ConfusedComposer: Discover how Tenable found a GCP vulnerability allowing privilege escalation via malicious PyPI packages in Cloud Composer & Cloud Build.
Explore the ImageRunner vulnerability: A patched GCP Cloud Run privilege escalation flaw. See how IAM permissions allowed unauthorized image access via service agents.
Critical Ingress-NGINX vulnerabilities threaten Kubernetes security. Learn how to mitigate three of the vulnerabilities: CVE-2025-24514, CVE-2025-1097, and CVE-2025-1098.