Latest News

As enterprises refine their strategies for handling Non-Human Identities (NHIs), Robotic Process Automation (RPA) has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared to mitigate a variety of challenges. In large organizations, bots are starting to outnumber

An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor has trained its sights

A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix for the issue is said to be currently in the

Every business today has to deal with private information – whether it is about customers, employees, or financial…

Cybersecurity researchers at Blackpoint Cyber discovered a new, evasive CastleLoader malware variant using Python and ClickFix social engineering to deliver RATs and info-stealers directly from memory.

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other disclosures, Google has opted to keep information about the CVE identifier, the affected component, and

Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so far. "Threat actors can potentially abuse this as a way to access the web.config file, opening the door for deserialization and remote code execution," security researcher Bryan Masters said.

For years, my career in cybersecurity was defined by a sense of urgency and criticality. As a leader of incident response teams, I lived on the front lines, constantly reacting to the latest software vulnerabilities, cyberattacks, and anomalies. My days were a blur of alerts, patch deployments, and the relentless pressure to mitigate risk and restore operations. It was a challenging, high-stakes environment where every vulnerability felt like a direct threat.Now, I've traded the immediate firefight for a more proactive battlefield as a manager within Red Hat Product Security. This has given me

NOTE: This blog has been updated to announce support for additional supported third-party model providers for the Red Hat Ansible Lightspeed intelligent assistant. Additional testing and validation of new model providers is ongoing. For the most recent list of supported model providers, please refer to Red Hat's official documentation. Earlier this year, we released the Red Hat Ansible Lightspeed intelligent assistant, a generative AI service which delivers an intuitive chat assistant embedded within Ansible Automation Platform. The Ansible Lightspeed intelligent assistant is like having an An

### Description An input-validation flaw in the returnTo parameter in the Auth0 Next.js SDK could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters ### Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-auth0 SDK version prior to 4.13.0 ### Affected product and versions Auth0/nextjs-auth0 versions >= 4.9.0 and < 4.13.0 ### Resolution Upgrade Auth0/nextjs-auth0 version to v4.13.0 ### Acknowledgements Okta would like to thank Joshua Rogers (MegaManSec) for their discovery and responsible disclosure.