Introduction A new name has begun surfacing repeatedly in European cyber-incident reports—Dark Storm, a pro-Russian hacktivist collective rapidly increasing both its activity and impact. WhatContinue readingDark Storm: A Growing Hacktivist Threat

Introduction Oracle Cloud faced a serious vulnerability in January of this year affecting their core authentication service, which is housed at login.us2.oraclecloud.com. The attackers compromisedContinue readingPre-Auth RCE in Oracle Identity Manager (CVE-2025-61757)

Salesforce issued an urgent caution after noticing anomalous OAuth behavior associated with Gainsight-published applications that are connected to the Salesforce ecosystem. Salesforce believes the suspiciousContinue readingSalesforce Unauthorized Access via Gainsight OAuth Tokens

Fortinet has issued a fresh warning to its customers after discovering a new vulnerability in FortiWeb, the company’s Web Application Firewall technology. The weakness, officiallyContinue readingFortiWeb OS Command Injection (CVE-2025-58034)

Brightpick AI’s warehouse automation software is under examination after researchers discovered a number of critical flaws in Brightpick Mission Control and Internal Logic Control. TheseContinue readingBrightpick Mission Control: Remote Access & Credential Exposure Risks

A security vulnerability has been identified in Google Chrome that may allow remote attackers to cause a denial-of-service (DoS) condition or potentially achieve remote codeContinue readingGoogle Chrome RCE Vulnerability (CVE-2025-13042) – Security Advisory & Update Guidance

In targeted attacks across the Middle East, attackers weaponized a now-patched Samsung image-codec zero-day (CVE-2025-21042) to deliver a modular Android spyware family dubbed LANDFALL. TheContinue readingLANDFALL: Samsung Zero-Day Exploit

SummaryIn late-2025 researchers observed the Qilin ransomware operation progressively adopting hybrid, cross-platform attack techniques that allow affiliates to run Linux-based encryptors against predominantly Windows environmentsContinue readingQilin Ransomware Hybrid Attack

Vulnerable Version Tomcat 11.0.0-M1 through 11.0.10Tomcat 10.1.0-M1 through 10.1.44Tomcat 9.0.0-M11 through 9.0.108Some EOL builds may also be impacted Fixed Version Tomcat 11.0.11 and aboveTomcat 10.1.45Continue readingCVE-2025-55752: Apache Tomcat Path Traversal Vulnerability