Windsurf Prompt Injection via Filename

A prompt injection vulnerability exists in Windsurf version 1.10.7. We have verified this vulnerability is present when installed on...

Authenticated Heap Overflow in SSL-VPN bookmarks

CVSSv3 Score: 6.7. A Heap-based Buffer Overflow vulnerability in FortiOS, FortiPAM and FortiProxy RDP bookmark connection may allow an authenticated...

Insertion of Sensitive 2FA Information in logs and debug command

CVSSv3 Score: 2.6. An Insertion of Sensitive Information into Log File vulnerability in FortiOS may allow an attacker with at...

[R1] Security Center Version 6.7.0 Fixes One Vulnerability

Arnie Cabral, Wed, 10/08/2025 - 10:29. In Tenable Security Center versions prior to 6.7.0, an improper...

Oracle E-Business Suite RCE Zero-day

Actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation enables complete takeover...

Fortra GoAnywhere MFT Attack

A critical deserialization vulnerability in GoAnywhere MFT’s License Servlet (CVSS 10.0) is actively being exploited in the wild. The flaw allows attackers with a...

Ten Years of Community Support

Seth Schoen was an early contributor to Let's Encrypt through his work at the Electronic Frontier Foundation. He's also one...

Six out of 10 UK secondary schools hit by cyber-attack or breach in past...

Hackers are more likely to target educational institutions than private businesses, government survey shows. When hackers attacked UK nurseries last month and published children’s data...

AutoOps: Simple Elasticsearch cluster monitoring and management now available on-prem

AutoOps is now available for self-managed clusters, bringing simplified cluster management with real-time issue detection, performance recommendations, and resource utilisation insights directly to your...

[R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.5.1 and 6.6.0: SC-202509.2.1

Jason Schavel, Tue, 09/30/2025 - 12:32. Security Center leverages third-party...

Latest article

Chromium: CVE-2026-13027 Use after free in FileSystem

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2025) for more information.

Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more

Help shape the future of Metasploit Framework. We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they...

New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets

A new Linux kernel local privilege escalation vulnerability, dubbed “DirtyClone” (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned...

Hackers Claim French Employment Leak Exposes Over 1M Records, Health Data

Hackers claim 1M+ records tied to French employment apps were exposed, including HR files, health data, worker details, and plaintext passwords.