Month: December 2025

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a reference to an external entity is processed by a weakly configured XML parser, allowing threat actors to launch denial-of-service attacks, access confidential data, or perform […]

MITRE has shared this year’s top 25 list of the most dangerous software weaknesses behind over 39,000 security vulnerabilities disclosed between June 2024 and June 2025. The list was released in cooperation with the Homeland Security Systems Engineering and Development Institute (HSSEDI) and the Cybersecurity and Infrastructure Security Agency (CISA), which manage and sponsor the […]

An anti-piracy coalition has dismantled one of India’s most popular streaming piracy services, which has provided free access to movies and TV shows to millions over the past two years. Backed by over 50 major television networks and film studios, including Disney, Warner Bros, Netflix, Paramount, Sony Pictures, and Universal Pictures, the Alliance for Creativity […]

Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet’s CentreStack and Triofox products for secure remote file access and sharing. By leveraging the security issue, the attackers can obtain hardcoded cryptographic keys and achieve remote code execution, researchers warn. Although the new cryptographic vulnerability does not have an […]

Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages. The first signs of this issue appeared in a Notepad++ community forum topic, where a user reported that Notepad++’s update tool, GUP.exe […]

A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. The malicious activity was uncovered recently, and security researchers found that the operator used a malicious file posing as a .PNG image. The VSCode Market is Microsoft’s official extensions portal for the widely used […]

The UK Information Commissioner’s Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. According to the ICO, the incident stemmed from two interconnected breaches […]