Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected windows, fake
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token. “Just by clicking a link, it’s
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed