Latest News

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verification" that are sent from the email address noreply@pypj[.]org (note that the domain is not "pypi[.]org"). "This is

With the right IGA tools, governance policies, and risk thresholds, enterprises can continuously detect and act on rogue access before attackers do.

A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44.

Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks.

A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter's dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double extortion attacks. "Chaos RaaS actors initiated

Palo Alto, California, 29th July 2025, CyberNewsWire

Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.5 ATTENTION: Exploitable remotely Vendor: Samsung Equipment: HVAC DMS Vulnerabilities: Execution After Redirect (EAR), Deserialization of Untrusted Data, Absolute Path Traversal, Use of Potentially Dangerous Function, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Relative Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Samsung HVAC DMS, a software management platform, are affected: Samsung HVAC DMS: Versions 2.0.0 to 2.3.13.0, Versions 2.5.0.17 to 2.6.14.0, Versions 2.7.0.15 to 2.9.3.5 3.2 Vulnerability Overview 3.2.1 EXECUTION AFTER REDIRECT (EAR) CWE-698 An execution after redirect in Samsung DMS (Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory reads. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of LabVIEW are affected: LabVIEW: 2025 Q1 and prior versions 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119 LabVIEW 2025 Q1 and prior versions are affected by an improper restriction of operations within the bounds of a memory buffer vulnerability, which may allow a local attacker to disclose information and execute arbitrary code remotely, resulting in invalid memory reads. CVE-2025-2633 has been assigned to this vulnerability. A CVSS v3.1 base score of ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DTN Soft Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use a specially crafted project file to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products are affected: DTN Soft: Versions 2.1.0 and prior 3.2 Vulnerability Overview 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 The affected product is affected by a deserialization of untrusted data vulnerability, which could allow an attacker to use a specially crafted project file to execute arbitrary code. CVE-2025-53416 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-53416. A base score of 8.4 has been calculated; the CVS...