Tag: Cyber Security News

In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices. The bulletin details critical issues in both System and Kernel components,…

Read more →

AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks, allowing adversaries to hijack automated agents and gain unauthorized system access. Security researchers Víctor Mayoral-Vilches & Per Mannermaa Rynning, revealed how modern AI-driven penetration testing frameworks become vulnerable…

Read more →

Threat actors are rapidly weaponizing Hexstrike-AI, a recently released AI-powered offensive security framework, to scan for and exploit zero-day CVEs in under ten minutes.  Originally marketed as an offensive security framework for red teams, Hexstrike-AI’s architecture has already been repurposed…

Read more →

Cloudflare has confirmed a data breach where a sophisticated threat actor accessed and stole customer data from the company’s Salesforce instance. The breach was part of a wider supply chain attack that exploited a vulnerability in the Salesloft Drift chatbot…

Read more →

A sophisticated spear-phishing campaign has emerged targeting senior executives and C-suite personnel across multiple industries, leveraging Microsoft OneDrive as the primary attack vector. The campaign utilizes carefully crafted emails masquerading as internal HR communications about salary amendments to trick high-profile…

Read more →

Google has officially debunked widespread reports claiming the company issued a major security warning to Gmail users, clarifying that such claims are entirely false. The technology giant addressed the misinformation directly on September 1, 2025, emphasizing that no broad security…

Read more →

A critical security vulnerability discovered in ESPHome’s web server component has exposed thousands of smart home devices to unauthorized access, effectively nullifying basic authentication protections on ESP-IDF platform implementations. The flaw, designated CVE-2025-57808 with a CVSS score of 8.1, affects…

Read more →

A sophisticated spear-phishing campaign orchestrated by Iranian-aligned operators has been identified targeting diplomatic missions worldwide through a compromised Ministry of Foreign Affairs of Oman mailbox. The attack, discovered in August 2025, represents a continuation of tactics associated with the Homeland…

Read more →

Commercial surveillance vendors have evolved from niche technology suppliers into a sophisticated multi-billion-dollar ecosystem that poses unprecedented threats to journalists, activists, and civil society members worldwide. A comprehensive new report by Sekoia.io’s Threat Detection & Research team reveals how these…

Read more →

When you’re in a SOC, speed is everything. The earlier you detect and confirm an intrusion, the faster you can contain it, and the less damage it does to your organization. But raw indicators of compromise (IOCs) like hashes, IPs,…

Read more →

A newly discovered WhatsApp scam has begun circulating on messaging platforms, exploiting the popular device linking feature to seize full control of user accounts. The attack unfolds when recipients receive what appears to be a harmless message from a known…

Read more →

Luxury automaker Jaguar Land Rover (JLR) has been forced to halt production at its Halewood plant and shut down its global IT infrastructure following a significant cybersecurity incident. The breach, which was first reported on Monday, September 1, has led…

Read more →

A sophisticated network of Ukrainian-based autonomous systems has emerged as a significant cybersecurity threat, orchestrating large-scale brute-force and password-spraying attacks against SSL VPN and RDP infrastructure. Between June and July 2025, these malicious networks launched hundreds of thousands of coordinated…

Read more →

Palo Alto Networks has confirmed it is one of hundreds of organizations impacted by a significant supply chain attack that resulted in the theft of customer data from its Salesforce instances. The breach originated from a compromised third-party application, Salesloft’s…

Read more →

A novel variant of the ClickFix attack has recently emerged, masquerading as a legitimate AnyDesk installer to spread the MetaStealer infostealer. This campaign exploits a fake Cloudflare Turnstile verification page to lure victims into executing a crafted Windows protocol handler,…

Read more →

On August 29, 2025, Microsoft announced the retirement of its popular Microsoft Editor browser extensions for Microsoft Edge and Google Chrome.  The Editor extensions will be officially deprecated on October 31, 2025, as part of Microsoft’s strategy to integrate AI-powered…

Read more →

A sophisticated subgroup of the Lazarus threat actor has surfaced in recent months, deploying three distinct remote access trojans (RATs) across compromised financial and cryptocurrency organizations. Initial access has primarily been achieved via tailored social engineering campaigns on Telegram, where…

Read more →

Cloudflare, a company that provides web security and infrastructure, recently reported that it stopped a huge cyber attack. This attack reached a record high of 11.5 terabits per second (Tbps). It was a type of attack called a Distributed Denial-of-Service…

Read more →

A sophisticated Windows-based keylogger known as TinkyWinkey began surfacing on underground forums in late June 2025, targeting enterprise and individual endpoints with unprecedented stealth. Unlike traditional keylogging tools that rely on simple hooks or user-mode processes, TinkyWinkey leverages dual components—a…

Read more →

A critical flaw in the Mobile Security Framework (MobSF) has been discovered, allowing authenticated attackers to upload and execute malicious files by exploiting improper path validation.  The vulnerability, present in version 4.4.0 and patched in 4.4.1, underscores the importance of…

Read more →

A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instances unresponsive.  Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw…

Read more →

Nmap has remained at the forefront of network discovery and security assessment for nearly three decades. Originally introduced on September 1, 1997, in Phrack magazine as a modest, 2,000-line Linux-only port scanner, Nmap has since matured into a sprawling toolkit…

Read more →

A critical security vulnerability has emerged in Azure Active Directory (Azure AD) configurations that exposes sensitive application credentials, providing attackers with unprecedented access to cloud environments.  This vulnerability centers around the exposure of appsettings.json files containing ClientId and ClientSecret credentials,…

Read more →

Multiple critical vulnerabilities in Qualcomm Technologies’ proprietary Data Network Stack and Multi-Mode Call Processor that permit remote attackers to execute arbitrary code.  These flaws, tracked as CVE-2025-21483 and CVE-2025-27034, each carry a CVSS score of 9.8 and exploit buffer-corruption weaknesses…

Read more →

Cybersecurity company Zscaler has confirmed it fell victim to a widespread supply-chain attack that exposed customer contact information through compromised Salesforce credentials linked to marketing platform Salesloft Drift. The breach, disclosed on August 31, 2025, stems from a larger campaign…

Read more →

The telecommunications landscape is facing an unprecedented crisis as SIM swapping attacks surge to alarming levels, with the United Kingdom alone reporting a staggering 1,055% increase in incidents during 2024, jumping from just 289 cases in 2023 to nearly 3,000…

Read more →

A group claiming to be a coalition of hackers has reportedly issued an ultimatum to Google, threatening to release the company’s databases unless two of its employees are terminated. The demand, which appeared in a Telegram post, specifically named Austin…

Read more →

The Wireshark team has rolled out version 4.4.9, a maintenance release for the world’s most popular network protocol analyzer. This update focuses on stability and reliability, delivering a series of important bug fixes and enhancing support for several existing protocols.…

Read more →

MediaTek today published a critical security bulletin addressing several vulnerabilities across its latest modem chipsets, urging device OEMs to deploy updates immediately.  The bulletin, issued two months after confidential OEM notification, confirms that no known in-the-wild exploits have been detected…

Read more →

A novel phishing campaign emerged in late August 2025 that specifically targeted hoteliers and vacation rental managers through malicious search engine advertisements. Rather than relying on mass email blasts or social media lures, attackers purchased sponsored ads on platforms such…

Read more →

A newly discovered critical security vulnerability in the Next.js framework, designated CVE-2025-29927, poses a significant threat to web applications by allowing malicious actors to completely bypass authorization mechanisms.  This vulnerability arises from improper handling of the x-middleware-subrequest header within Next.js…

Read more →

In a significant security move, Microsoft announced on August 26, 2025, that it will require mandatory multifactor authentication (MFA) for all accounts signing in to the Azure portal and related administrative centers. The policy, first introduced in 2024, aims to…

Read more →

Microsoft is issuing a direct call to its hardware partners, urging original equipment manufacturers (OEMs) to address configuration issues that prevent crucial USB-C troubleshooting notifications from functioning correctly in Windows 11. These built-in alerts are designed to enhance user experience…

Read more →

Security researchers have observed an unprecedented surge in domain registrations in recent months, closely tied to the upcoming 2026 FIFA World Cup tournament. These domains, often masquerading as legitimate ticketing portals, merchandise outlets, or live-stream platforms, serve as precursors to…

Read more →

You may have seen them in restaurants, cat-faced robots gliding between tables, delivering plates of food. These robots, many of them made by Pudu Robotics, the world’s largest commercial service robotics company, are part of a growing fleet of automated…

Read more →

Cybercriminals are increasingly exploiting legitimate email marketing platforms to launch sophisticated phishing campaigns, leveraging the trusted reputation of these services to bypass security filters and deceive victims. This emerging threat vector represents a significant evolution in phishing tactics, where attackers…

Read more →

macOS has long been recognized for its robust, integrated security stack, but cybercriminals are finding ways to weaponize these very defenses.  Recent incidents show attackers exploit Keychain, SIP, TCC, Gatekeeper, File Quarantine, XProtect, and XProtect Remediator to stealthily deliver malicious…

Read more →

Salesforce today unveiled its comprehensive Forensic Investigation Guide, equipping organizations with best practices, log analysis techniques, and automation workflows to detect and respond to sophisticated security breaches rapidly.  To reconstruct attack timelines and assess data exposure, the guide emphasizes three…

Read more →

Security researchers at Socket.dev uncovered a sophisticated supply chain attack in late August 2025 leveraging a malicious npm package named nodejs-smtp, which masquerades as the widely used email library nodemailer, boasting approximately 3.9 million weekly downloads. At first glance, nodejs-smtp…

Read more →

Microsoft has opened the Release Preview Channel to Windows Insiders for the forthcoming Windows 11, version 25H2 (Build 26200.5074) enablement package (eKB), offering an early look at this year’s annual feature update.  Insiders can now opt in via Windows Update’s…

Read more →

Apple appears to be laying the groundwork to remove the physical SIM card slot from its upcoming iPhone 17 models in more countries, with a significant push anticipated across the European Union. The move aligns with the company’s long-term strategy…

Read more →

A sophisticated malware campaign targeting niche Large Language Model (LLM) role-playing communities has emerged, leveraging advanced social engineering tactics to distribute a dangerous Remote Access Trojan (RAT). The malware, dubbed “AI Waifu RAT” by security researchers, masquerades as an innovative…

Read more →

Cybercriminals are exploiting Windows Defender Application Control (WDAC) policies to systematically disable Endpoint Detection and Response (EDR) agents, creating a dangerous blind spot in corporate security infrastructure. Real-world threat actors, including ransomware groups like Black Basta, have now adopted a…

Read more →

Amazon’s threat intelligence team uncovered a sophisticated watering hole campaign in late August 2025, which is orchestrated by APT29, also known as Midnight Blizzard, a Russian Foreign Intelligence Service–linked actor. The operation relied on the compromise of legitimate websites to…

Read more →

Infostealer malware, initially designed to indiscriminately harvest credentials from compromised hosts, has evolved into a potent weapon for state-sponsored Advanced Persistent Threat (APT) groups. Emerging in early 2023, families such as RedLine, Lumma, and StealC quickly proliferated across phishing campaigns…

Read more →

Critical vulnerabilities in Sitecore Experience Platform allow attackers to achieve complete system compromise through a sophisticated attack chain combining HTML cache poisoning with remote code execution capabilities. These flaws also enable attackers to enumerate cache keys and configuration details via…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has published nine Industrial Control Systems (ICS) advisories on August 28, 2025, detailing high- and medium-severity vulnerabilities across leading vendors’ products.  The advisories highlight remote-exploitable flaws, privilege-escalation weaknesses, memory corruption bugs, and insecure…

Read more →

A critical security vulnerability has been discovered in the Linux UDisks daemon that could allow unprivileged attackers to gain access to files owned by privileged users.  The flaw, identified as CVE-2025-8067, was publicly disclosed on August 28, 2025, and carries…

Read more →

Prompt injection attacks have emerged as one of the most critical security vulnerabilities in modern AI systems, representing a fundamental challenge that exploits the core architecture of large language models (LLMs) and AI agents. As organizations increasingly deploy AI agents…

Read more →

Welcome to your Weekly Cybersecurity News Recap. This week, the digital world faced a fresh wave of threats, underscoring the relentless evolution of cyber risks that target individuals and organizations alike. From our personal communication apps to the browsers we…

Read more →

Microsoft has officially addressed growing concerns among Windows 11 users, stating that its August 2025 security update for version 24H2 is not responsible for the scattered reports of SSD and HDD failures that have recently surfaced on social media and…

Read more →

Attack Surface Management (ASM) is a proactive security discipline focused on continuously discovering, analyzing, and reducing an organization’s external-facing digital footprint. In 2025, with the proliferation of cloud services, remote work, and supply chain dependencies, an organization’s attack surface has…

Read more →

Web application penetration testing in 2025 goes beyond a simple, one-time assessment. The top companies combine human expertise with automation and intelligent platforms to provide continuous, on-demand testing. The rise of Penetration Testing as a Service (PTaaS) and bug bounty…

Read more →

A new malware campaign, dubbed “Sindoor Dropper,” is targeting Linux systems using sophisticated spear-phishing techniques and a multi-stage infection chain. The campaign leverages lures themed around the recent India-Pakistan conflict, known as Operation Sindoor, to entice victims into executing malicious…

Read more →

A critical zero-day vulnerability in Citrix NetScaler products, identified as CVE-2025-6543, has been actively exploited by threat actors since at least May 2025, months before a patch was made available. While Citrix initially downplayed the flaw as a “memory overflow…

Read more →

API penetration testing has evolved dramatically in 2025. While traditional, human-led penetration testing remains critical, the scale and complexity of modern APIs have necessitated a new approach. The companies on this list are not just offering one-time testing services; they…

Read more →

Google has issued a broad security alert to its 2.5 billion Gmail users, advising them to enhance their account security in the wake of a data breach involving one of the company’s third-party Salesforce systems. The incident, which occurred in…

Read more →

The U.S. Attorney’s Office for the District of New Mexico announced Thursday that federal authorities have executed a court-authorized seizure of two domain names and one affiliated blog associated with VerifTools, an online marketplace peddling counterfeit driver’s licenses, passports, and…

Read more →

A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems…

Read more →

A significant global effort to patch a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices has seen the number of exposed systems drop from approximately 28,200 to 12,400 in just one week. Data from The Shadowserver Foundation,…

Read more →

In June 2025, a previously undocumented campaign leveraging end-of-support software began surfacing in telemetry data gathered across Eastern Asia. Dubbed TAOTH, the operation exploits an abandoned Chinese input method editor (IME), Sogou Zhuyin, to deliver multiple malware families. Initial intelligence…

Read more →

A sophisticated malware campaign has emerged targeting users seeking free PDF editing software, with cybercriminals distributing a malicious application masquerading as the legitimate “AppSuite PDF Editor.” The malware, packaged as a Microsoft Installer (MSI) file, has been distributed through high-ranking…

Read more →

Since its emergence in February 2025, the NightSpire ransomware group has rapidly distinguished itself through a sophisticated double-extortion strategy that combines targeted encryption with public data leaks. Initially surfacing in South Korea, the group leveraged vulnerabilities in corporate networks to…

Read more →

NodeBB, a popular open-source forum platform, has been found vulnerable to a critical SQL injection flaw in version 4.3.0.  The flaw, tracked as CVE-2025-50979, resides in the search-categories API endpoint, allowing unauthenticated, remote attackers to inject both boolean-based blind and…

Read more →

Cybersecurity teams worldwide have observed a surge in sophisticated campaigns exploiting both Windows and Linux vulnerabilities in recent months to achieve unauthorized system access. These attacks often begin with phishing emails or malicious web content designed to deliver weaponized documents.…

Read more →

A sophisticated ransomware attack has emerged targeting organizations through compromised third-party managed service provider (MSP) credentials, showcasing the evolving tactics of cybercriminals in 2025. The Sinobi Group, operating as a Ransomware-as-a-Service (RaaS) affiliate, successfully infiltrated corporate networks by exploiting SonicWall…

Read more →

As students and staff returned to campuses this August, a stark rise in cyber attacks against educational institutions has been observed worldwide. From January to July 2025, organizations in the education sector endured an average of 4,356 weekly attacks, marking…

Read more →

Attackers have begun leveraging a seemingly innocuous PDF newsletter alongside a malicious Windows shortcut (LNK) file to infiltrate enterprise environments. The attack surfaced in late August 2025, targeting South Korean academic and government institutions under the guise of a legitimate…

Read more →

Cybersecurity researchers have uncovered a sophisticated malvertising campaign on Meta’s Facebook platform in recent weeks that targets Android users with promises of a free TradingView Premium application. These deceptive ads mimic official TradingView branding and visuals, luring unsuspecting victims to…

Read more →

VirusTotal today unveiled Virustotal’s New endpoint, which receives code requests and returns a description of its functionality for malware analysts, a powerful addition to its Code Insight platform.  Designed to streamline reverse engineering workflows, the new API endpoint pre-analyzes disassembled or decompiled…

Read more →

Hikvision has disclosed three significant security vulnerabilities affecting multiple versions of its HikCentral product suite that could enable attackers to execute malicious commands and gain unauthorized administrative access.  The vulnerabilities, assigned CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247, were reported to…

Read more →

Google has confirmed that a security breach involving the Salesloft Drift platform is more extensive than initially reported, potentially compromising all authentication tokens connected to the service. The new findings from the Google Threat Intelligence Group (GTIG) indicate that the…

Read more →

Security researchers have uncovered significant vulnerabilities in code generated by Large Language Models (LLMs), demonstrating how “vibe coding” with AI assistants can introduce critical security flaws into production applications.  A new study reveals that LLM-generated code often prioritizes functionality over…

Read more →

Effective Identity Management Solutions have become paramount in today’s interconnected world, where individuals interact with various online platforms and services. Identity management solutions refer to the processes, technologies, and policies implemented to ensure secure and appropriate access to digital resources…

Read more →

TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which…

Read more →

A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed “JSCoreRunner,” represents a significant evolution in macOS threats, demonstrating how cybercriminals are adapting their techniques…

Read more →

Nagios XI, a widely-deployed network monitoring solution, has addressed a critical cross-site scripting (XSS) vulnerability in its Graph Explorer feature that could enable remote attackers to execute malicious JavaScript code within users’ browsers.  The security flaw was patched in version…

Read more →

Adversary-in-the-Middle (AiTM) attacks are among the most sophisticated and dangerous phishing techniques in the modern cybersecurity landscape. Unlike traditional phishing attacks that merely collect static credentials, AiTM attacks actively intercept and manipulate communications between users and legitimate services in real-time,…

Read more →

A sophisticated supply chain attack has compromised the popular Nx build platform, affecting millions of weekly downloads and resulting in widespread credential theft.  The attack, dubbed “s1ngularity,” represents one of the most comprehensive credential harvesting campaigns targeting the developer ecosystem…

Read more →

Emerging in mid-2025, a sophisticated campaign attributed to the Silver Fox APT has begun exploiting a previously unreported vulnerable driver to compromise modern Windows environments. This campaign leverages the WatchDog Antimalware driver (amsdk.sys, version 1.0.600), a Microsoft-signed component built on…

Read more →

A sophisticated phishing campaign has been identified, where threat actors impersonate IT helpdesk personnel through Teams’ external communication features, exploiting the platform’s default configuration to bypass traditional email security measures and gain unauthorized screen-sharing and remote-control capabilities. The attacks leverage…

Read more →

The escalation of sophisticated cyberattacks targeting Salesforce environments has emerged as one of the most concerning trends in enterprise cybersecurity. As organizations increasingly rely on customer relationship management (CRM) platforms to store their most sensitive business data, threat actors have…

Read more →

In a sophisticated campaign uncovered during a recent Advanced Continual Threat Hunt (ACTH) by Trustwave’s SpiderLabs team, threat actors weaponized a legitimate remote management tool, ScreenConnect, to deploy the Xworm Remote Access Trojan (RAT) through a deceptive, multi-stage infection chain.…

Read more →

Cybercriminals are increasingly weaponizing Microsoft Teams, exploiting the platform’s trusted role in corporate communications to deploy malware and seize control of victim systems. In a sophisticated campaign, threat actors are impersonating IT support staff in Microsoft Teams chats to trick…

Read more →

South Korean authorities have successfully extradited a Chinese national suspected of orchestrating one of the most sophisticated hacking operations targeting high-profile individuals and financial institutions. The 34-year-old suspect, identified only as Mr. G, was repatriated from Bangkok, Thailand, on August…

Read more →

MathWorks, Inc., the developer of the popular MATLAB and Simulink software, confirmed today that it was the target of a significant cyberattack, resulting in the theft of sensitive personal information belonging to an undisclosed number of users. In a notice…

Read more →

Microsoft’s recent patch for the BadSuccessor vulnerability (CVE-2025-53779) has successfully closed the direct privilege escalation path, but security researchers warn that the underlying technique remains viable for sophisticated attackers.  While the patch prevents immediate Domain Admin escalation through one-sided delegated…

Read more →

Cybercriminals are increasingly weaponizing Microsoft Teams, exploiting the platform’s trusted role in corporate communications to deploy malware and seize control of victim systems. In a sophisticated campaign, threat actors are impersonating IT support staff in Microsoft Teams chats to trick…

Read more →

Anthropic has thwarted multiple sophisticated attempts by cybercriminals to misuse its Claude AI platform, according to a newly released Threat Intelligence report. Despite layered safeguards designed to prevent harmful outputs, malicious actors have adapted to exploit Claude’s advanced capabilities, weaponizing…

Read more →

Farmers Insurance Exchange and its subsidiaries recently disclosed a significant security incident that compromised personal information of approximately 1.1 million customers through an unauthorized access to a third-party vendor’s database. The breach, which occurred on May 29, 2025, represents one…

Read more →

Cisco has issued a High-severity security advisory alerting customers to a critical vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of NX-OS Software for Cisco Nexus 3000 and 9000 Series switches.  Tracked as CVE-2025-20241 with a CVSS base score of…

Read more →

A significant cyberattack disrupted Nevada’s state government network on August 24, forcing all state office branches to shut down operations for 48 hours. The intrusion began with the exploitation of an unpatched VPN gateway, allowing the threat actor to gain…

Read more →

A sophisticated intrusion in which threat actors co-opted the legitimate, open-source Velociraptor digital forensics and incident response (DFIR) tool to establish a covert remote access channel. This represents an evolution from the long-standing tactic of abusing remote monitoring and management…

Read more →

Cisco disclosed a high-severity open redirect vulnerability in the Virtual Keyboard Video Monitor (vKVM) component of its Integrated Management Controller (IMC). Tracked as CVE-2025-20317 with a CVSS 3.1 base score of 7.1, the vulnerability could enable an unauthenticated remote attacker…

Read more →

The emergence of sophisticated cybercriminal organizations continues to pose significant threats to individuals and institutions worldwide, with the UTG-Q-1000 group representing one of the most concerning developments in recent cybersecurity history. This highly organized criminal network has demonstrated exceptional technical…

Read more →

New findings from Lares Labs underscore the importance of realistic threat emulation exercises that mirror the sophisticated tactics of the Scattered Spider APT group. By integrating real-world incident data into controlled simulations, organizations can proactively assess defenses across networks, endpoints,…

Read more →

A sophisticated malware campaign that weaponizes a seemingly legitimate PDF editor to steal sensitive data and login credentials from unsuspecting users across Europe. The attack uncovered by Truesec, dubbed “TamperedChef,” represents a new evolution in social engineering tactics that leverage…

Read more →

A critical zero-day exploit targeting exposed FreePBX 16 and 17 systems. Threat actors are abusing an unauthenticated privilege escalation vulnerability in the commercial Endpoint Manager module, allowing remote code execution (RCE) when the Administrator Control Panel is reachable from the…

Read more →

Cloudflare today launched MCP Server Portals in open beta, a groundbreaking capability designed to centralize, secure, and observe all Model Context Protocol (MCP) connections in an organization.  By routing every MCP request through a single portal endpoint, Cloudflare One customers…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has released a comprehensive cybersecurity advisory detailing a widespread espionage campaign by People’s Republic of China (PRC) state-sponsored actors targeting critical…

Read more →