
49 matches found

GitLab Advisory Database
added 2026/05/29 12:0 a.m., 7 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API (http.request, http.websocket) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses (64:ff9b::/96). An attacker who can execute Lua code can reach an...

5.9 AI score
Exploits: 0, References: 3
Chainguard
added 2026/04/10 2:13 a.m., 4 views

GHSA-5XF5-GQ7P-JFX7 vulnerabilities

Vulnerabilities for packages: linux-aws, linux-vmware, linux-gcp, linux-qemu, linux-azure...

5.8 AI score
Exploits: 0
Positive Technologies
added 2026/03/18 12:0 a.m., 3 views

PT-2026-26216

Name of the Vulnerable Software and Affected Versions: Budibase versions 3.30.6 and prior. Description: Budibase is a low code platform that allows the creation of internal tools, workflows, and admin panels. A flaw exists in the REST datasource query preview endpoint (POST /api/queries/preview) where...

8.7 CVSS, 6 AI score, 0.00019 EPSS
Exploits: 1, References: 10
The Hacker News
added 2026/03/12 1:30 p.m., 3 views

How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs

Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional...

6.3 AI score
Exploits: 0
HackRead
added 2026/03/04 12:51 p.m., 5 views

Phishing in 2026: 3 Attack Tactics That Beat Most Enterprise Defenses

Phishing drives about 90% of cyberattacks in 2026, using tactics like encrypted flows, QR code scams, and trusted cloud platforms to steal credentials...

6 AI score
Exploits: 0
Wiz blog
added 2026/02/12 6:5 p.m., 7 views

Introducing AI Cyber Model Arena: A Real-World Benchmark for AI Agents in Cybersecurity

Wiz Research’s AI Cyber Model Arena benchmarks offensive AI security on 257 real-world challenges (zero-days, CVEs, API/web, and cloud across AWS/Azure/GCP/K8s), demonstrating what AI models and agents can really do...

5.4 AI score
Exploits: 0
The Hacker News
added 2026/02/05 11:30 a.m., 7 views

The Buyer’s Guide to AI Usage Control

Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy contro...

5.7 AI score
Exploits: 0
HackRead
added 2026/02/04 8:48 a.m., 3 views

Phishing Campaigns Abuse Trusted Cloud Platforms, Raising New Risks for Enterprises

ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users...

5.4 AI score
Exploits: 0
The Hacker News
added 2026/01/31 7:58 a.m., 9 views

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus...

6 AI score
Exploits: 0
Chainguard
added 2026/01/10 1:22 a.m., 4 views

CVE-2023-6176 vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-qemu-melange, linux-vmware...

4.7 CVSS, 6.6 AI score, 0.0001 EPSS
Exploits: 0
Chainguard
added 2026/01/09 7:17 p.m., 2 views

GHSA-XFQ3-69MC-84PR vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-qemu-melange, linux-vmware...

5.8 AI score
Exploits: 0
Packet Storm News
added 2025/10/06 12:0 a.m., 2 views

What Is Quantum Computer Security?

Quantum computing is rapidly emerging as one of the most transformative technologies of our time. With the potential to tackle problems that remain intractable for even the most powerful classical supercomputers, quantum hardware has advanced at an extraordinary pace. Today, major platforms such ...

6.6 AI score
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2024-50418

Malicious code in bioql (PyPI)...

7.6 CVSS, 8.7 AI score, 0.00412 EPSS
Exploits: 0, References: 2
Qualys Blog
added 2025/09/16 4:21 p.m., 3 views

Navigating SEBI’s Cloud Security Requirements: A Guide for Regulated Entities

Overview: Who is impacted: The Securities and Exchange Board of India (SEBI) is the primary regulatory authority for the securities market in India. It was established to protect investor interests and promote market development, but its guidelines also impact cybersecurity professionals at regulat...

6.9 AI score
Exploits: 0
Wiz blog
added 2025/07/28 1:17 p.m., 1 views

TraderTraitor: Deep Dive

Inside the Lazarus subgroup that’s hijacking cloud platforms, poisoning supply chains, and stealing billions in digital assets...

7.2 AI score
Exploits: 0
The Hacker News
added 2025/07/11 11:0 a.m., 5 views

Securing Data in the AI Era

The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes f...

7 AI score
Exploits: 0
Positive Technologies
added 2025/06/05 12:0 a.m., 1 views

PT-2025-23952

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified); Envoy side-cars (affected versions not specified). Description: A flaw exists in the Linux kernel related to insufficient validation of extensible ioctls within the pidfs subsystem. This could potential...

6.7 AI score, 0.03752 EPSS
Exploits: 3, References: 400
Cisco
added 2025/06/04 4:0 p.m., 7 views

Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configuration...

9.9 CVSS, 6.8 AI score, 0.00178 EPSS
Exploits: 0, References: 1
The Hacker News
added 2025/05/14 2:5 p.m., 18 views

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

A new global phishing threat called "Meta Mirage" has been uncovered, targeting businesses using Meta's Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed tha...

7.5 AI score
Exploits: 0
Ubuntu
added 2025/03/28 2:2 p.m., 18 views

USN-7387-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...

8.1 CVSS, 7.5 AI score, 0.02038 EPSS
Exploits: 3