The emergency directive orders all agencies to apply the latest updates for all at-risk F5 virtual and physical devices and downloaded software by October 22.

Redis fixes 13-year CVSS 10 flaw allowing Lua script-based remote code execution in all versions.

Oracle releases an emergency fix for CVE-2025-61882 after Cl0p exploits critical EBS flaw.

European airports - including London's Heathrow - are warning of delays after a "technical issue" affected check-in and boarding systems.

Google releases critical Chrome update patching zero-day CVE-2025-10585, discovered Sept 16, to block active V8 JavaScript engine exploits worldwide.

Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall in the West Midlands, were arrested

The popular @ctrl/tinycolor package with over 2 million weekly downloads has been compromised alongside 40+ other NPM packages in a sophisticated supply chain attack. The malware self-propagates across maintainer packages, harvests AWS/GCP/Azure credentials using TruffleHog, and establishes persistence through GitHub Actions backdoors - representing a major escalation in NPM ecosystem threats.

Cursor ships with Workspace Trust disabled by default, exposing users to silent code execution risks

In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.

An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project.

The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers

**This event is kindly hosted by Aon Cyber Solutions (a LevelBlue company) and sponsored by SecureFlag. There is limited seating available for in-person attendees. Registra

A look at initial access and webshell deployment earlier this year.

WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks.

Nx supply chain attack: malicious npm versions of Nx exfiltrated SSH keys and tokens to GitHub—abusing AI code assistants. Learn how to detect and fix.

Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability.

Malicious Go module published June 24, 2022 steals SSH credentials via Telegram bot, evading detection.

Elon Musk's artificial intelligence (AI) chatbot appears to have published messages without users' knowledge.

In Docker Desktop, malicious containers can access the host system, protective measures are not effective. An update helps.

Nearly half of AI-generated code contained exploitable bugs, with 36% introducing SQL injection risks.

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.