Search found 1624 matches

by Shane1145
Sun Sep 07, 2025 4:13 pm
Forum: Programming Languages
Topic: Critical Next.js Vulnerability Allows Attackers to Bypass Authorization
Replies: 0
Views: 326

Critical Next.js Vulnerability Allows Attackers to Bypass Authorization

On 31 August 2025, security researchers disclosed CVE-2025-29927, a critical authorization bypass vulnerability in the Next.js framework.

The flaw stems from improper handling of the x-middleware-subrequest header in Next.js middleware, allowing attackers to circumvent authentication and gain ...
by Shane1145
Sun Sep 07, 2025 4:11 pm
Forum: Windows
Topic: Windows Kernel Driver Vulnerability Exposes Systems to Heap-Based At
Replies: 0
Views: 207

Windows Kernel Driver Vulnerability Exposes Systems to Heap-Based At

Security researchers have disclosed a heap-based buffer overflow vulnerability in Microsoft Windows’ Kernel Streaming WOW Thunk Service Driver, designated as CVE-2025-53149.

The flaw, discovered in the ksthunk.sys driver component, was responsibly disclosed to Microsoft and subsequently patched ...
by Shane1145
Sun Sep 07, 2025 4:09 pm
Forum: Android/iOS
Topic: Two Exploited Vulnerabilities Patched in Android
Replies: 0
Views: 235

Two Exploited Vulnerabilities Patched in Android

Google this week rolled out fixes for a total of 111 unique CVEs as part of the September 2025 set of Android patches, including exploited zero-days.

The exploited vulnerabilities, both privilege escalation issues, impact the Android Runtime (CVE-2025-48543) and Linux kernel (CVE-2025-38352 ...
by Shane1145
Sun Sep 07, 2025 4:07 pm
Forum: Commercial
Topic: Novel 5G Attack Bypasses Need for Malicious Base Station
Replies: 0
Views: 296

Novel 5G Attack Bypasses Need for Malicious Base Station

A team of researchers from the Singapore University of Technology and Design has disclosed the details of a new 5G attack that does not require the use of a malicious base station.

As part of the project, the researchers have released a framework named Sni5Gect that can be used to sniff messages ...
by Shane1145
Sun Sep 07, 2025 3:52 pm
Forum: Mobile Phones
Topic: Apple Seeks Researchers for 2026 iPhone Security Program
Replies: 0
Views: 323

Apple Seeks Researchers for 2026 iPhone Security Program

Apple has kicked off the application period for the 2026 Security Research Device Program.

White hat hackers interested in obtaining an iPhone that was specifically configured for security research can apply until October 31. Apple has been offering these ‘hackable’ iPhones to security researchers ...
by Shane1145
Sun Sep 07, 2025 8:21 am
Forum: Desktop Applications
Topic: Netskope Windows Client Vulnerability Enables Privilege Escalation via Rogue Server
Replies: 0
Views: 203

Netskope Windows Client Vulnerability Enables Privilege Escalation via Rogue Server

A serious security vulnerability in Netskope’s Windows client has been discovered that could allow attackers to escalate privileges from a low-privileged user to full system-level access.

The flaw, tracked as CVE-2025-0309, affects all versions of the Netskope Windows client prior to version R129 ...
by Shane1145
Sun Sep 07, 2025 8:18 am
Forum: Web Applications
Topic: Critical ImageMagick Vulnerability Allows Remote Code Execution
Replies: 0
Views: 297

Critical ImageMagick Vulnerability Allows Remote Code Execution

A critical security vulnerability has been discovered in ImageMagick, the widely used open-source image processing software, that could allow attackers to execute arbitrary code remotely.

The vulnerability, tracked as CVE-2025-57803 with a severity score of 9.8 out of 10, affects 32-bit builds of ...
by Shane1145
Sun Sep 07, 2025 8:15 am
Forum: Web Applications
Topic: IBM Watsonx Vulnerability Enables SQL Injection Attacks
Replies: 0
Views: 270

IBM Watsonx Vulnerability Enables SQL Injection Attacks

A critical vulnerability in the IBM Watsonx Orchestrate Cartridge for IBM Cloud Pak for Data has been disclosed, enabling blind SQL injection attacks that could compromise sensitive data.

Tracked as CVE-2025-0165, this flaw allows authenticated attackers to inject malicious SQL statements ...
by Shane1145
Sun Sep 07, 2025 8:10 am
Forum: Linux
Topic: Linux UDisks Daemon Vulnerability Lets Attackers Access Privileged User Files
Replies: 0
Views: 197

Linux UDisks Daemon Vulnerability Lets Attackers Access Privileged User Files

Red Hat has disclosed a critical security flaw in the UDisks daemon that allows unprivileged users to exploit an out-of-bounds read vulnerability and gain access to files owned by privileged accounts.

The vulnerability, tracked as CVE-2025-8067, was publicly released on August 28, 2025, and has ...
by Shane1145
Sun Sep 07, 2025 8:08 am
Forum: Desktop Applications
Topic: Chrome 140 Release Fixes Critical RCE Vulnerabilities
Replies: 0
Views: 287

Chrome 140 Release Fixes Critical RCE Vulnerabilities

Google has released Chrome 140 to the stable channel for Windows, Mac, and Linux. This update will roll out to users over the coming days and weeks.

The new version, 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, delivers several security fixes and improvements.

A full list of ...