Search
Login
Register
Menu
HOME
Current Articles
|
Archives
|
Search
04
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Master Code Fu
posted on December 04, 2025 10:40
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags," Oligo Security said in
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
04
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Master Code Fu
posted on December 04, 2025 10:40
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, JFrog, Koi Security, ReversingLabs, SafeDep, Socket, Step Security, and Wiz. The trojanized
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
04
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
Master Code Fu
posted on December 04, 2025 10:40
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
04
Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
Master Code Fu
posted on December 04, 2025 10:40
New research from CrowdStrike has revealed that DeepSeek's artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. "We found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
04
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
Master Code Fu
posted on December 04, 2025 10:40
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute a malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence Center (ASEC) said in a report published last week. "They then used PowerCat, an open-source
[Read the rest of this article...]
Posted in:
Security News
Actions:
E-mail
|
Permalink
|
Comments (0)
Page 10 of 10
First
Previous
5
6
7
8
9
[10]
Next
Last