The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js ...

CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to ...

In its writeup, BleepingComputer confirms that there are roughly 87,000 potentially vulnerable instances exposed on the ...

Lightweight web server for ESP8266/ESP32 boards that hosts the PlayStation 5 UMTX2 Jailbreak for firmware versions 1.00–5.50, with minor modifications to enable caching, data compression and access to ...

Abstract: Internationalized Domain Names (IDNs) enhance global accessibility by supporting Unicode characters in web addresses. However, this capability introduces new security vulnerabilities, ...

This week's ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the ...

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high ...

“It’s mine! I saw it first!” That’s what you might expect to hear from a child who’s found money or a toy, and it’s how cybercriminals respond to finding zero-day vulnerabilities, or holes in networks ...

Abstract: Penetration testing, a critical cybersecurity practice, is often bottlenecked by manual exploit selection and payload crafting. We propose a novel framework integrating Large Language Models ...

Windows privilege escalation helper inspired by the original PrivEscalator and RoguePotato research. It crafts NTLM relay chains over DCOM/BITS, steals a SYSTEM token exposed by vulnerable COM servers ...

A sprawling infrastructure that has been bilking unsuspecting people through fraudulent gambling websites for 14 years is likely a dual operation run by a nation-state-sponsored group that is ...