News & updates

Insights into Ethical Hacking and Vulnerability Research TL;DR Philippe Laulheret, a Senior Vulnerability Researcher, discusses the importance of ethical hacking in identifying security flaws before they can be exploited. His approach integrates personal passion and…

Major Microsoft Patch Tuesday Update Addresses Critical Vulnerabilities TL;DR In May 2026, Microsoft released updates addressing 120 vulnerabilities, including 17 classified as critical. Notably, these updates impact multiple high-risk enterprise components,…

Microsoft Addresses 137 Vulnerabilities in May 2026 Security Update Microsoft has issued its May 2026 security update, addressing 137 vulnerabilities across various products, with 31 categorized as critical. While none of these vulnerabilities are currently exploited…

Active Exploitation Campaign Targeting cPanel Vulnerability CVE-2026-41940 TL;DR: Researchers attribute an ongoing exploitation campaign to the threat actor Mr_Rot13, targeting the critical cPanel authentication bypass vulnerability CVE-2026-41940. The campaign…

Security and Privacy Risks of Smart Glasses TL;DR The resurgence of smart glasses, capable of recording and analyzing surroundings, presents significant privacy and security concerns for both users and bystanders. The potential for misuse includes unauthorized…

Ransomware Landscape Q1 2026: Consolidation and Emerging Trends TL;DR: The ransomware ecosystem has consolidated significantly in Q1 2026, with the top ten groups accounting for 71% of documented victims. Qilin leads as the most notable operator, while The Gentlemen…

Exploiting Active Directory Certificate Services: Risks and Techniques TL;DR: Palo Alto Networks’ Unit 42 has identified significant risks within Active Directory Certificate Services (AD CS) stemming from misconfigurations that facilitate privilege escalation…

Exploiting VoIP for Scam Campaigns: Insights from Cisco Talos TL;DR Cisco Talos has revealed that attackers increasingly exploit Voice over Internet Protocol (VoIP) phone numbers within scam emails as an indicator of compromise. The use of VoIP facilitates high-volume…

Remote Code Execution Vulnerability Discovered in xrdp Server Kaspersky researchers have identified a remote code execution vulnerability in the xrdp remote desktop server, designated CVE-2025-68670. This vulnerability was uncovered during a routine security audit and…

Speed of Vulnerability Discovery Outpacing Enterprise Response TL;DR The rise of AI-driven vulnerability discovery facilitates faster identification of weaknesses, but enterprises struggle to act on this information effectively. A gap exists between vulnerability…

Introduction of Netskope One AgentSkope Enhances Operational Security TL;DR Netskope has launched AgentSkope, a foundational layer in the Netskope One platform designed to streamline security operations through intelligent agents. These agents improve policy…

Expansion of Threat Intelligence Capabilities in Scam Operations TL;DR Cisco Talos has enhanced its threat intelligence by tracking phone numbers as critical indicators of compromise in scam emails. This focus on telephony infrastructure allows security teams to…