Latest News

When it comes to sharing sensitive documents online, security sits at the top of everyone’s checklist. Online faxing is…

After years of hanging out in the wild, confidential computing is getting closer to an AI model near you.

While many organizations are eagerly integrating AI into their workflows and cybersecurity practices, some remain undecided and even concerned about potential drawbacks of AI deployment.

An upgraded cybercrime tool is designed to make targeted ransomware attacks as easy and effective as possible, with features like EDR-spotting and DNS-based C2 communication.

The bug allowed an attacker an easy way to compromise full suite of developer tools in Oracle Cloud Infrastructure.

BADBOX variant BADBOX 2.0 found preinstalled on Android IoT devices in 222 countries, turning them into proxy nodes used in fraud and large-scale malicious activity.

### Summary The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, this setting fails to prevent execution of certain tag-based payloads, such as <img src=x onerror=...>, if the interpolated value is inserted inside an HTML context using v-html. This may lead to a DOM-based XSS vulnerability, even when using escapeParameterHtml: true, if a translation string includes minor HTML and is rendered via v-html. ### Details When escapeParameterHtml: true is enabled, it correctly escapes common injection points. However, it does not sanitize entire attribute contexts, which can be used as XSS vectors via: `<img src=x onerror=alert(1)> ` ### PoC In your Vue I18n configuration: ``` const i18n = createI18n({ escapeParameterHtml: true, messages: { en: { vulnerable: 'Caution: <img src=x onerror="{payload}">' } } }); ``` Use this interpolated payload: `const payload = '<script>aler...

A group of female cybersecurity pioneers will share what they've learned about navigating a field dominated by men, in order to help other women empower themselves and pursue successful cybersecurity careers.

Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware. First advertised in February 2021 on

July Microsoft Patch Tuesday. A total of 152 vulnerabilities – twice as many as in June. Of these, 15 vulnerabilities were added between the June and July MSPT. One vulnerability is exploited in the wild: 🔻 Memory Corruption – Chromium (CVE-2025-6554) One vulnerability has an exploit available on GitHub: 🔸 EoP – Windows Update Service […]