Ionut Arghire

Nathan Austad admitted in court to launching a credential stuffing attack against a fantasy sports and betting website.

Hackers stole names, addresses, dates of birth, and Social Security numbers from the credit report and identity verification services provider.

Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw.

Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request.

XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25.

All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services.

Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements.

In April 2025, hackers stole personal information belonging to patrons and employees and their family members.

The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution.

Most of the 100 vulnerabilities resolved this week, including critical flaws, were in third-party dependencies.

Victoria Dubranova faces over 25 years in prison for links to Russia-backed CARR and NoName hacktivist groups.

The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled.

The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges.

Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution.

The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs.

Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges.

The US seeks information on the leader of Emennet Pasargad, Mohammad Bagher Shirinkar, and long-time employee Fatemeh Sedighian Kashi.

The botnet attempts to steal credentials from infected TBK DVR devices, in addition to abusing them to launch DDoS attacks.

The Italian startup will use the investment to build proprietary AI models, accelerate global expansion, and hire new talent.

Chrome’s new agentic browsing protections include user alignment critic, expanded origin-isolation capabilities, and user confirmations.