OpenSSL CVE-2025-15467
CVSSv3 Score: 9.8
CVE-2025-15467Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer...
Versa Concerto SD-WAN Authentication Bypass
What is the Vulnerability? A critical security vulnerability (CVE-2025-34026) has...
Chromium: CVE-2026-1504 Inappropriate implementation in Background Fetch API
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2024 ) for more information. -...
Zimbra Collaboration Local File Inclusion
What is the Vulnerability? A Local File Inclusion (LFI) vulnerability (CVE-2025-68645)...
Context engineering: The missing layer for trusted AI in financial services
AI in financial services breaks down without trusted context. Discover how context engineering enables real-time, explainable, and compliant AI and how Elastic powers fraud...
How to get started with security response automation on AWS
At AWS, we encourage you to use automation. Not just to deploy your workloads and configure services, but to also help you quickly detect...
I’m locked in!
Welcome to this week’s edition of the Threat Source newsletter.I’ve struggled a lot over the last few years with balance. I want to follow the...
Exposed Open Directory Leaks BYOB Framework Across Windows, Linux, and macOS
Threat researchers have uncovered an actively serving command and control server hosting a complete deployment of the BYOB framework following the discovery of an...
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
UPD 30.01.2026: Added technical details about the attack chain and more IoCs.
On January 20, a supply chain attack has occurred, with the infected software...
Latest article
CyberSentinel AI with 33 Security Tools, Including Nmap, SQLMap, ZAP, and uses Claude, GPT
A new open-source cybersecurity platform called CyberSentinel AI v3.0 has emerged as a significant development in autonomous security tooling, combining 33 real-world penetration testing...
CVE-2025-5791 Users: `root` appended to group listings
Information published. - Read more
JCPenney – 368,418 breached accounts
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through...
Threat actor adds advanced ‘EDR killer’ tools to ransomware-as-a-service platform
One of the world’s top ransomware groups has given its criminal affiliates access to advanced tools capable of successfully disabling...
