Latest News

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: KUNBUS Equipment: Revolution Pi Vulnerabilities: Missing Authentication for Critical Function, Authentication Bypass by Primary Weakness, Improper Neutralization of Server-Side Includes (SSI) Within a Web Page 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to bypass authentication, gain unauthorized access to critical functions, and execute malicious server-side includes (SSI) within a web page. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of KUNBUS Revolution Pi are affected: Revolution Pi OS Bookworm: Versions 01/2025 and earlier Revolution Pi PiCtory: Versions 2.5.0 through 2.11.1 Revolution Pi PiCtory: Versions 2.11.1 and earlier 3.2 VULNERABILITY OVERVIEW 3.2.1 Missing Authentication for Critical Function CWE-306 KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by defa...

A misconfigured, non-password-protected database belonging to TicketToCash exposed data from 520,000 customers, including PII and partial financial details.…

Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these “invisible intruders” is driving a significant need for a multi-layered approach to detecting threats,

These 3 cybersecurity threats may not be the most sophisticated, but they're the most effective—and serious—threats for small businesses.

Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, branded as financially-motivated, is said to have used its AI tool to orchestrate 100 distinct persons on the two social media platforms, creating a

Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google's security team this week.

Threat actors are bypassing MFA with adversary-in-the-middle attacks via reverse proxies. Phishing-as-a-Service tools like Evilproxy make these threats harder to detect.

For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its place, a new reality took hold—one defined by alert fatigue and overwhelmed teams. According to OX

Russian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said. The activity is assessed to be the work of a

Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. "This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance," the company