CVE-2025-59287 Critical Windows Server Update Service UNSAFE DESERIALIZATION UNAUTHENTICATED A critical vulnerability in Windows Server Update Service (WSUS) allows remote, unauthenticated attackers to execute arbitrary code over a network by exploiting unsafe deserialization of untrusted data, potentially compromising entire update infrastructure. Mitigation: Apply Microsoft's security update
Microsoft
TRENDING TOPICS OCT 30, 2025 Microsoft’s October Cloud Outage: Root Cause Identified On Wednesday, October 29, 2025, Microsoft experienced a significant global outage that began at approximately 16:00 UTC. The disruption affected both the Azure cloud platform and the Microsoft 365 business suite, leaving thousands of customers unable
Browser AI Model Key Features Known Issues Perplexity Comet Proprietary model with API access Full agentic capabilities including navigation, screenshot parsing, and task automation Vulnerable to Commadjacking and PromptFix, enabling data exfiltration and drive-by downloads OpenAI Atlas GPT-4 Turbo Natural language omnibox and autonomous task execution Omnibox injection
Intel TDX
TRENDING TOPICS OCT 29, 2025 New TEE[.]fail Attack Breaks Intel and AMD Trusted Execution Environments via DDR5 Memory Weakness Security researchers have disclosed a critical hardware-based vulnerability known as TEE[.]fail, which undermines the foundational guarantees of Intel TDX and AMD SEV-SNP Trusted Execution Environments (TEEs). The
Active Directory
TRENDING TOPICS OCT 28, 2025 Domain-Join Accounts: A Quiet, Consistent Path to AD Compromise Active directory domain-join accounts are routinely exposed during device buildouts and imaging, where their passwords are often stored in clear text across deployment steps and configuration stores. Discovered by Shelltrail, once an attacker gets
CoPhish
TRENDING TOPICS OCT 27, 2025 CoPhish Exploit Abuses Copilot Studio to Steal OAuth Tokens and Bypass Cloud Defenses Researchers have discovered a new phishing technique, named CoPhish, that abuses Microsoft Copilot Studio to steal OAuth tokens and hijack user accounts. The attack takes advantage of the trust users place in
UNC6229
CVE-2025-6950 Critical Moxa Network Appliances HARDCODED SECRET KEY TOKEN FORGERY Moxa network appliances use a hard-coded secret key to sign JSON Web Tokens (JWT), allowing attackers to forge valid authentication tokens and gain full administrative control over affected devices without any valid credentials. Mitigation: Update firmware immediately,
DeskRAT
TRENDING TOPICS OCT 23, 2025 DeskRAT Campaign: Targeted Phishing Against Indian Government Linux Systems New evidence and infrastructure linked to the TransparentTribe operation continue to surface, confirming that the campaign remains active and evolving beyond its initial discovery in mid-2025. TransparentTribe (APT36), a Pakistan-aligned threat group, conducted a
SQL Server Attack Techniques Common Adversary Tactics, Techniques, and Procedures Credential Compromise and Brute-Force Access Attackers obtain valid SQL authentication through credential stuffing, password spraying, or successful exploitation of web-facing applications that expose SQL endpoints. Once authenticated, attackers attempt privilege escalation to SYSADMIN and begin configuration changes. Attack
Microsoft 365
TRENDING TOPICS OCT 22, 2025 Microsoft 365 Copilot Attack Enables Data Exfiltration via Malicious Mermaid Diagrams A newly discovered attack in Microsoft 365 Copilot enabled attackers to exploit the AI assistant’s integration with Mermaid diagrams to exfiltrate sensitive tenant data. The flaw leveraged an indirect prompt injection hidden inside
AWS
TRENDING TOPICS OCT 21, 2025 Update: AWS Restores Services Caused by DNS Resolution Failure Amazon Web Services (AWS) suffered a prolonged outage across its US-EAST-1 region beginning late on October 19, 2025, and lasting nearly 24 hours, disrupting more than 140 services and impacting users worldwide. The issue
CVE-2025-59483 Critical Severity File path handling flaw that allows arbitrary file upload and remote code execution through the BIG-IP Configuration Utility. Enables full system compromise if the interface is Internet-accessible. Attack Vector Details Arbitrary file upload capability through misconfigured path handling Remote code execution via BIG-