SecurityWeek

Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster

Progress has released patches for multiple remote code execution and OS command injection flaws in MOVEit WAF and LoadMaster.
Bitdefender

What is a proxy server? How it works, types & risks

Learn what a proxy server is, how it works, the different types, and the hidden risks - so you can decide if it’s safe for ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
Security Boulevard

Exposed LLM Infrastructure: How Attackers Find and Exploit Misconfigured AI Deployments

Exposed LLM servers are being actively scanned and exploited. Learn how attackers find misconfigured AI infrastructure and ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...
SecurityWeek

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.

Quantum CatDV Showcases Automated Live Sports Production with North Shore Automation’s Stats Injector

Quantum Corporation (Nasdaq: QMCO) today announced that North Shore Automation’s Stats Injector is now fully compatible with Quantum CatDV, the media asset management and workflow orchestration ...
WeLiveSecurity

GopherWhisper: A burrow full of malware

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian ...

ESET Research discovers new China-aligned group, GopherWhisper: It abuses messaging services Discord, Slack, and Outlook to spy

ESET Research has uncovered a new China-aligned APT group, which has been named GopherWhisper, that targets governmental ...

Did Trump share post threatening to release 'Vatican files' that could 'bring down' Catholic Church?

The claim circulated in the form of a screenshot purportedly showing a Truth Social post by President Donald Trump.

Threat actor uses Microsoft Teams to deploy new “Snow” malware

A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a ...