Zeljka Zorz
Windows 11 quick machine recovery: Restoring devices with boot issues
Microsoft has rolled out quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages like the one caused by a faulty CrowdStrike update in …
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser …
UK NCSC offers security guidance for domain and DNS registrars
The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. “DNS registrars …
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access …
If you think you’re immune to phishing attempts, you’re wrong!
Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained …
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome …
Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover
Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over …
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …
Malicious ads target Semrush users to steal Google account credentials
Cyber crooks are exploiting users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, to steal their Google account credentials. The …
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and …
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging …
RansomHub affiliate leverages multi-function Betruger backdoor
A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The …
Featured news
Resources
Don't miss
- Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools
- iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)
- Unpacking the security complexity of no-code development platforms
- Researchers warn of ongoing Entra ID account takeover campaign
- LockBit panel data leak shows Chinese orgs among the most targeted