Security News

GitLab patches critical authentication bypass vulnerabilities
2025-03-13 16:13

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. [...]

Defending against EDR bypass attacks
2025-03-12 05:00

EDR bypass and killer attacks are surging, yet many organizations continue to overlook this threat while they have become over-reliant on this security tool – particularly when preventing...

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
2025-03-11 06:45

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The...

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
2025-03-10 04:12

A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around...

Ransomware gang encrypted network from a webcam to bypass EDR
2025-03-06 20:31

The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was...

Ransomware gang encrypted network from a webcam to bypass EDR
2025-03-06 20:31

The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was...

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT
2025-02-25 10:22

A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To...

Juniper patches critical auth bypass in Session Smart routers
2025-02-18 17:07

​Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. [...]

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication
2025-02-18 12:18

Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be...

Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged
2025-02-16 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) February 2025...