The TARmageddon flaw (CVE-2025-62518) in Rust’s async-tar and tokio-tar libraries allows remote code execution via desynchronized TAR parsing. Exploited through
SessionReaper (CVE-2025-54236) is being actively exploited in Adobe Commerce and Magento stores, enabling account takeover and web-shell deployment as more
Chinese state-backed hackers are exploiting a critical Microsoft SharePoint flaw, CVE-2025-53770 “ToolShell,” enabling unauthenticated remote code execution and data theft.
Researchers warn of rising “AI sidebar spoofing” attacks in browsers like Atlas and Comet, where fake AI panels mimic trusted
CISA confirmed active exploitation of Oracle E-Business Suite CVE-2025-61884 SSRF, urging immediate patching and network hardening after leaked exploits enabled
A newly discovered malware dubbed GlassWorm has infected over 35,800 Visual Studio Code extensions, marking one of the most advanced
A critical flaw in Adobe Experience Manager Forms (CVE-2025-54253) is being actively exploited, allowing unauthenticated remote code execution via a
ReliaQuest GreyMatter delivers an agentic AI security operations platform that enables CISOs to detect threats at the source, reduce alert
North Korean hackers have merged the BeaverTail and OtterCookie malware into a new espionage tool, OtterCookie v5, targeting developers and
Envoy Air confirmed a cybersecurity breach tied to Oracle’s E-Business Suite zero-day (CVE-2025-61882), exploited by the Clop ransomware group. While
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.