Ionut Arghire

The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache.

The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog.

The vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries.

The company’s IAM platform identifies AI agents, supports assigning permission to them, and tracks all activity.

Star Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware.

The Critical Patch Update contains 374 new security patches that resolve many vulnerabilities.

A threat actor has been infecting servers of high-profile entities with backdoors to exfiltrate information and deploy additional payloads.

Leading to code execution, authentication bypass, and privilege escalation, the flaws were added to CISA’s KEV list.

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns.

Affecting the Fireware OS iked process, the vulnerability can lead to remote code execution and does not require authentication.

The individuals ran a highly sophisticated cybercrime-as-a-service (CaaS) platform that caused roughly €5 million (~$5.8 million) in losses.

The identities of alleged core members of the Lumma Stealer group were exposed in an underground doxxing campaign.

Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations.

On Android, the out-of-bounds write issue can be triggered during the processing of media files without user interaction.

Set for January 2026 at Automotive World in Tokyo, the contest will have six categories, including Tesla, infotainment systems, EV chargers, and automotive OSes.

CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes.

Hackers stole names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information.

The unauthenticated local file inclusion bug allows attackers to retrieve the machine key and execute code remotely via a ViewState deserialization issue.

The company’s AI Security Engineer autonomously keeps enterprise data protected across devices and environments.

A public PoC existed when Adobe patched the Experience Manager Forms (AEM Forms) bug in early August.