Learn how the JFrog Security research team discovered and disclosed CVE-2025-11953 which poses a threat to developers using the popular React Native CLI.

Posted by techoalien_com - 1 vote and 0 comments

A recent penetration test led to an interesting way to escalate privileges on a Jupyter instance running as root.

Vendor Response The vendor has released a patch for Windows that addresses this vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55680 CVE CVE-2025-55680 Credit The vulnerability was disclosed during our TyphoonPWN Windows category…

A list of public bug bounty programs and responsible disclosures.

 Author(s): Vlad Pasca, Radu-Emanuel Chiscariu New two-stage malware targets cryptocurrency wallets and browser history LeakyInjector uses l...

Acronis Threat Research Unit (TRU) analyzed DragonForce, a Conti-derived ransomware-as-a-service active since 2023, documenting its malware, affiliate model and links to Scattered Spider.

Posted by chrisdefourire - 9 votes and 17 comments

Happy Friday, friends and.. others.

We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend!


What’re We Doing Today, Mr Fox?

Today, in a tale that seems all too familar at this point,

Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android’s image processing library. The spyware was embedded in malicious DNG files.

Daily tech news for developers who value their time.

Google recently published reports about a new technique called “Etherhiding.” The reports explain how the threat actors UNC5142 and UNC5342…

Posted by JMarkG - 8 votes and 7 comments

Extension for Visual Studio Code - Security vulnerability scanner for dependencies. Checks CVEs from NVD/OSV databases and provides remediation steps. Supports npm, pip, Maven, Go, and more.

How Common Misconfigurations Could Lead to Massive Data Exposure

Introduction Earlier this year, I earned a $10,000 bounty from Microsoft after discovering a critical HTTP request smuggling vulnerability in ASP.NET Core’s Kestrel server (CVE-2025-55315). The vulnerability garnered significant media attention after Microsoft…