Latest News

Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”

Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”.   In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out

### Summary It is possible to bypass the mitigation introduced in response to [CVE-2025-1550](https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp), when an untrusted Keras v3 model is loaded, even when “safe_mode” is enabled, by crafting malicious arguments to built-in Keras modules. The vulnerability is exploitable on the default configuration and does not depend on user input (just requires an untrusted model to be loaded). ### Impact | Type | Vector |Impact| | -------- | ------- | ------- | |Unsafe deserialization |Client-Side (when loading untrusted model)|Arbitrary file overwrite. Can lead to Arbitrary code execution in many cases.| ### Details Keras’ [safe_mode](https://www.tensorflow.org/api_docs/python/tf/keras/models/load_model) flag is designed to disallow unsafe lambda deserialization - specifically by rejecting any arbitrary embedded Python code, marked by the “__lambda__” class name. https://github.com/keras-team/keras/blob/v3.8.0/keras/sr...

Connex Credit Union breach exposes data of 172000 members, legal probe launched, experts urge victims to monitor accounts…

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.

New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection further in a transitive manner, Binarly REsearch said in a report shared with The Hacker News. The firmware

### Impact A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called `__proto__` you can override the Object prototype. For example: ``` const parse = require('content-security-policy-parser'); const x = parse("default-src 'self'; __proto__ foobar"); console.log('raw print:', x); console.log('toString:', x.toString()); ``` Outputs: ``` raw print: Array { 'default-src': [ "'self'" ] } toString: foobar ``` Whilst no gadget exists in this library, it is possible via other libraries expose functionality that enable RCE. It is customary to label prototype pollution vulnerabilities in this way. The most common effect of this is denial of service, as you can trivially overwrite properties. As the content security policy is provided in HTTP queries, it is incredibly likely that network exploitation is possible. ### Patches There has been a patch implemented a year ago (11 Feb 2024), but low uptake of patched versions has not b...

Cybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed on August 3, 2025, with over 780 unique IP addresses participating in the effort. As many as 56 unique IP addresses have been detected over the past 24 hours. All the IP addresses have been

Two different groups were found to have abused a now patched vulneraability in popular archive software WinRAR. Who's next?

An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show. "This latest wave of ShinyHunters-attributed attacks reveals a dramatic shift in tactics, moving beyond the group's previous credential theft and database