December 11, 2025Executive Summary CVE-2025-8110 is an actively exploited, unpatched Remote Code Execution (RCE) vulnerability affecting all Gogs versions ≤ 0.13.3. The…
December 3, 2025Two new critical vulnerabilities, CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), were publicly disclosed today, impacting React and Next.js applications. These issues…
November 24, 2025The newly uncovered “Shai Hulud 2.0”, also known as sha1-hulud, campaign is one of the most aggressive npm supply-chain attacks…
September 16, 2025On September 16, 2025, a large-scale npm supply chain attack was discovered, which seems to be linked to the same…
July 17, 2025Overview: CVE-2025-23266 is a container‑escape vulnerability (CVSS 9.0) affecting the NVIDIA Container Toolkit and GPU Operator. While this vulnerability requires multiple specific conditions,…
June 3, 2025A newly disclosed vulnerability in Python’s standard library, CVE-2024-12718, allows attackers to modify file metadata or file permissions outside the…
May 27, 2025For the first time, a zero-day vulnerability in the Linux kernel has been discovered using a large language model, OpenAI’s…
May 27, 2025It was a regular Thursday when Lisa, a DevOps lead at a mid-sized fintech company, got an alert: Log4Shell, a…
January 14, 2025On January 14, 2025, Fortinet announced a critical vulnerability impacting its FortiOS and FortiProxy systems, CVE-2024-55591 is an authentication bypass zero-day…
December 24, 2024Overview Apache has released a security update to address an important Apache Tomcat vulnerability (CVE-2024-56337) that could result in remote…