Critical Roundcube vulnerability (CVE-2025-49113): exploit sold in Darknet as “Email Armageddon” looms
A decade-old Remote Code Execution (RCE) flaw in Roundcube, the widely used open-source email client, has escalated into a global cybersecurity emergency. Designated CVE-2025-49113 with a near-maximum CVSS...
Windows 11 fails to start after KB5058405 update
The recent disclosure by Microsoft regarding the KB5058405 cumulative update for Windows 11 has significant implications for enterprise cybersecurity and IT operations. This update, released as part of...
Analysis of recent high-severity vulnerabilities in GitLab and Atlassian products
Both GitLab and Atlassian have recently released critical security patches addressing a series of high-severity vulnerabilities across their core product lines. This coordinated disclosure and remediation effort underscores...
Malicious npm packages hijack macOS Cursor AI IDE
The Socket Threat Research Team has uncovered a sophisticated supply chain attack targeting macOS developers using the Cursor AI code editor. Three malicious npm packages-sw-cur, sw-cur1, and aiide-cur-have...
Stealthy Linux backdoor leveraging residential proxies and NHAS reverse SSH
A recently discovered Linux backdoor (SHA256: ea41b2bf1064efcb6196bb79b40c5158fc339a36a3d3ddee68c822d797895b4e) employs advanced evasion techniques to bypass detection while establishing persistent access via SOCKS5 proxies and in-memory payload execution. This analysis breaks...
MITRE Signals Critical Risk to CVE Program as Federal Funding Expires
The cybersecurity world faces a significant challenge as the Common Vulnerabilities and Exposures (CVE) program, a cornerstone of global vulnerability management, risks disruption due to expiring federal funding....
Surge in Palo Alto Networks scanner activity
GreyNoise has detected a significant surge in login scanning activity aimed at Palo Alto Networks PAN-OS GlobalProtect portals. In the last month, nearly 24,000 unique IP addresses have...
Critical Remote Code Execution vulnerability discovered in GiveWP WordPress Plugin (CVE-2025-0912)
A critical security vulnerability, identified as CVE-2025-0912, has been discovered in the GiveWP WordPress donation plugin. This flaw potentially exposes over 100,000 WordPress websites to remote code execution...