Articles and insights about Cybersecurity & Digital Risk.
30 articles in this category
Security researcher David Leadbeater disclosed CVE-2025-48384, a critical vulnerability in Git that allows remote code execution through malicious repository cloning by exploiting carriage return characters in submodule URLs.
A security researcher discovered critical SQL injection vulnerabilities in Catwatchful stalkerware infrastructure, exposing plaintext passwords and sensitive data for approximately 62,000 user accounts.
Microsoft announced architectural changes to Windows that restrict third-party kernel access, implementing lessons learned from the July 2024 CrowdStrike incident that caused widespread system failures across enterprise environments.
Security researchers discovered that 17 Gluestack NPM packages with over one million combined weekly downloads were compromised with remote access trojan malware, prompting urgent remediation by the maintainers.
Security researchers have identified a widespread campaign targeting thousands of ASUS routers with persistent backdoors capable of surviving device reboots and firmware updates, granting attackers full administrative control over compromised devices.
Security researchers at Invariant Labs disclosed a critical vulnerability in GitHub's official MCP server that allows attackers to exfiltrate private repository data through malicious GitHub Issues containing prompt injection payloads.
Security researchers disclosed a prompt injection vulnerability in GitLab Duo, the company's AI coding assistant, that could allow attackers to exfiltrate private source code through hidden instructions embedded in project files.
Security researcher discovers critical remote code execution vulnerability in ASUS DriverHub, a preinstalled utility on ASUS motherboards that allows attackers to execute arbitrary code with a single user click.
A federal jury in California ordered Israeli spyware maker NSO Group to pay approximately $167 million in damages to WhatsApp and Meta for exploiting a vulnerability to deploy Pegasus spyware against 1,400 users in 2019.
Google Cloud's Threat Intelligence team published its annual analysis of zero-day exploitation trends for 2024, documenting the vulnerabilities actively exploited before patches were available and identifying patterns in attacker targeting of enterprise software and security products.
Showing 10 of 30 articles β’ Page 1 of 3
