Blog

A large-scale automated campaign is currently exploiting a critical pre-authentication RCE in Next.js applications to siphon credentials from cloud-native environments. […]

State-sponsored threat actors are bypassing endpoint security controls by compromising legacy network hardware to steal cloud authentication tokens. This campaign

A critical supply chain compromise has impacted the official distribution site for @[CPUID](urn:li:organization:12345) utilities. Attackers successfully weaponized an internal API

A critical remote code execution vulnerability has been identified in a legacy management component of Apache ActiveMQ Classic. Automated scanning

A sophisticated zero-day vulnerability in @[Adobe](urn:li:organization:1480) Reader is being weaponized in a targeted campaign that has remained active and undetected

Organizations have until the end of today to remediate a critical code injection vulnerability in a leading mobile management platform

A sophisticated zero-day vulnerability in @[Adobe](urn:li:organization:1480) Reader is being leveraged in a targeted campaign that has remained undetected since at

A critical supply chain compromise has impacted the distribution infrastructure of the CPUID project. Attackers gained unauthorized access to an

A critical code injection vulnerability in a leading mobile management platform is being actively exploited to establish unauthenticated remote access.

A long-dormant remote code execution vulnerability in a core enterprise message broker has been identified and is currently being probed