Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-5gr5-vmmr-82g6: Erupt Unrestricted Upload of File with Dangerous Type vulnerability

An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file.

ghsa
#vulnerability#auth
Cyberattacks Hit Top Retailers: Cartier, North Face Among Latest Victims

North Face, Cartier, and Next Step Healthcare are the latest victims in a string of cyberattacks compromising customer…

The North Face warns customers about potentially stolen data

For the fourth time in its history, The North Face has notified customers that their account may have been compromised. This...

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified "malicious multi-stage downloader Powershell scripts" hosted on lure websites that masquerade as Gitcode and DocuSign. "

Is Your CISO Navigating Your Flight Path?

If your CISO isn't wielding influence with the CEO and helping top leaders clearly see the flight path ahead, your company is dangerously exposed.

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case of post-authenticated remote code execution via

About Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443) vulnerability

About Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443) vulnerability. Zimbra Collaboration is a collaboration software suite that includes a mail server and a web client. An attacker can send an email containing a specially crafted calendar header with an embedded payload. If the user opens the email in the classic Zimbra web interface, the malicious […]

Juice jacking warnings are back, with a new twist

This spring has seen another spate of stories about juice jacking, including a new, more sophisticated form of attack. But how much of a threat is it, really?

Europol Targets Over 2,000 Extremist Links Exploiting Minors Online

Europol targets extremist online content exploiting minors, tackling rising use of AI, propaganda, and grooming across Europe’s digital platforms.