Latest News

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it's assessed to be a publicly-traded

Malicious script injection ('Cross-site Scripting') vulnerability in Apache Geode web-api (REST). This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information and even account takeover. This issue affects Apache Geode: all versions prior to 1.15.2. Users are recommended to upgrade to version 1.15.2, which fixes the issue.

Microsoft restricted access to Edge's IE Mode in August 2025 after hackers used a Chakra zero-day flaw to bypass security and take over user devices. Check out the new steps for enabling IE Mode.

Torrance, United States, 14th October 2025, CyberNewsWire

Tel Aviv, Israel, 14th October 2025, CyberNewsWire

Modern software engineering faces growing complexity across codebases, environments, and workflows. Traditional tools, although effective, rely heavily on…

Gone are the days when extortion was only the plot line of crime dramas—today, these threatening tactics target anyone with a smartphone, especially Gen Z.

Imagine if a rogue app could glimpse tiny bits of your screen—even the parts you thought were secure, like your 2FA codes.

Spanish Guardia Civil and Group-IB arrest 'GoogleXcoder,' the 25-year-old Brazilian mastermind of the GXC Team, for selling AI-powered phishing kits and malware used to steal millions from banks across the US, UK, Spain, and Brazil.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1715 EtherNet/IP Vulnerabilities: Allocation of Resources Without Limits or Throttling, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause the web server to crash, requiring a restart to recover. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation 1715 EtherNet/IP Comms Module are affected: 1715 EtherNet/IP: Versions 3.003 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770 A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash; however, this does not impact I/O control or communication. A power cycle is required to recover and utilize the webpage. CVE-20...