A new wave of North Korea’s ‘Contagious Interview’ campaign is targeting job seekers with malicious npm packages that infect dev’s devices with infostealers and backdoors. […]
Google releases Gemini CLI with free Gemini 2.5 Pro
Google has released Gemini 2.5 Pro-powered Gemini CLI, which allows you to use Gemini inside your terminal, including Windows Terminal. […]
Citrix warns of NetScaler vulnerability exploited in DoS attacks
Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. […]
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
New research has uncovered continued risk from a known security weakness in Microsoft’s Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications.
Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse.
First disclosed by
Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse.
First disclosed by
WinRAR patches bug letting malware launch from extracted archives
WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. […]
New ‘CitrixBleed 2’ NetScaler flaw let hackers hijack sessions
A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed “CitrixBleed 2,” after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices. […]
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC
Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0.
It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the
The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0.
It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the
BreachForums hacking forum operators reportedly arrested in France
The French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions. […]
Thousands of SaaS Apps Could Still Be Susceptible to nOAuth
New research suggests more than 10,000 SaaS apps could remain vulnerable to a nOAuth variant despite the basic issue being disclosed in June 2023.
The post Thousands of SaaS Apps Could Still Be Susceptible to nOAuth appeared first on SecurityWeek.
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions.
The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January
The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January