Code Defence

A critical unauthenticated arbitrary file upload vulnerability (CVE-2025-5678, CVSS 9.8) has been found in the FormCraft Pro WordPress plugin, installed […]

The Iranian state-sponsored group Charming Kitten (aka APT35, Phosphorus) has been observed deploying a previously unseen backdoor named “GhostEcho.” The

A new ransomware variant named “DataViper” has emerged, specifically scanning the internet for and targeting publicly exposed, misconfigured databases (like

Threat actors are using real-time AI voice modification and deepfake audio to bypass voice biometric authentication and trick human agents

Atlassian released emergency patches for a critical remote code execution (RCE) vulnerability (CVE-2025-9115, CVSS 9.8) affecting Confluence Data Center and

What Happened? A major international telecommunications provider is actively investigating claims made on a dark web forum alleging a massive

What Happened? CISA has added a high-severity vulnerability (CVE-2025-7034) affecting GitLab Runner to its Known Exploited Vulnerabilities (KEV) catalog. The

What Happened? A new variant of the prolific LockBit ransomware has been observed incorporating self-propagating “worm” capabilities. Once it compromises

What Happened? Microsoft released out-of-band patches for a critical zero-day vulnerability (CVE-2025-4421) in Exchange Server. The flaw, a server-side request

What Happened? CISA has re-added the infamous “Citrix Bleed” vulnerability (CVE-2023-4966) affecting Citrix NetScaler ADC and Gateway appliances to its