Bug Bounty

Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.

The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those ...

A sophisticated attack campaign attributed to a group identifying as “PCP” has compromised 59,128 servers in less than 48 hours by exploiting critical Next.js vulnerabilities.

Security researchers discovered the large-scale operation while monitoring a Docker honeypot, uncovering an industrialized ...

The D-Link DAP-1325 contains a vulnerability that allows attackers to exploit a broken access control mechanism. By accessing the /cgi-bin/ExportSettings.sh endpoint, unauthorized users can download sensitive device configuration settings without requiring any authentication. This exposes critical ...

The PyMdown Extensions include a variety of enhancements for the Python-Markdown project, but versions prior to 10.16.1 contain a vulnerability in the figure caption extension (pymdownx.blocks.caption). This ReDOS issue can lead to performance degradation, causing significant delays while processing ...

The systeminformation library for Node.js is susceptible to an OS command injection vulnerability due to improper sanitization of user inputs. In versions prior to 5.27.14, the fsSize() function concatenates a user-defined drive parameter into a PowerShell command, potentially allowing an attacker ...

On systems running Arista EOS with Open Shortest Path First version 3 (OSPFv3) configured, a specially crafted packet can lead to excessive CPU usage in the OSPFv3 process. This may cause the OSPFv3 process to restart, interrupting routes on the switch and potentially impacting network stability ...

A use after free vulnerability in the WebGPU component of Google Chrome allows a potential remote attacker to exploit heap corruption. This can be triggered through a specially crafted HTML page, potentially leading to unexpected application behavior or security breaches.


https ...

Cybercriminals are increasingly abandoning traditional programming languages like C and C++ in favor of modern alternatives such as Rust, Golang, and Nim.

This strategic shift enables threat actors to write malicious code once and compile it for both Windows and Linux with minimal changes.

Leading ...

NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems.

The ...

A sophisticated Android malware campaign dubbed NexusRoute is actively targeting Indian users by impersonating the Indian Government Ministry, mParivahan, and e-Challan services to steal credentials and carry out large-scale financial fraud.

The operation combines phishing, malware, and ...