OWASP Top 10 Business Logic Abuse: What You Need to Know
Over the past few years, API security has gone from a relatively niche concern to a headline issue. A slew…
In the realm of cybersecurity, it’s not uncommon to stumble upon vulnerabilities while dissecting a system during the pursuit of…
Amazon’s security teams have made a critical discovery, revealing a sophisticated Advanced Persistent Threat (APT) campaign actively exploiting zero-day vulnerabilities…
What. A. Week. It…
Executive Summary: A cyber-espionage group, identified as UNC6485, is actively exploiting a critical vulnerability in Gladinet’s Triofox file-sharing platform. This…
Former DoJ attorney John Carlin writes about hackback, which he defines thus: “A hack back is a type of cyber…
SAP has recently rolled out its November security updates, aiming to resolve a spectrum of vulnerabilities across its enterprise software…
It’s that time again – Patch Tuesday is here. This November, Microsoft rolled out fixes for 163 security flaws, featuring…
The discovery of CVE-2025-12735 reveals a critical remote code execution (RCE) weakness in the popular JavaScript expression-evaluation library expr-eval. Exploitation…
This is why AIs are not ready to be personal assistants: A new attack called ‘CometJacking’ exploits URL parameters to…