Critical, make-me-super-user SAP S/4HANA bug under active exploitation Key Points • CVE-2025-42957 is a critical (9.9) code-injection flaw affecting SAP S/4HANA (private cloud and on-premises). • Vulnerability allows injection of…
The crazy, true story behind the first AI-powered ransomware Summary A New York University engineering team built a proof-of-concept they call “Ransomware 3.0” to test whether large language models can…
Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python Summary Researchers at Recorded Future have identified two new builds of CastleRAT — one written…
Researchers from Nanjing University and the University of Sydney have developed an AI-powered agent, A2, that automates discovery and validation of vulnerabilities in Android apps. Building on prior work (A1)…
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation Summary An AI-driven offensive research pipeline, dubbed Auto Exploit, has been shown to generate proof-of-concept exploit code for real vulnerabilities in open-source software…
Czech Warning Highlights China Stealing User Data Summary Content summary The Czech Republic’s National Cyber and Information Security Agency (NÚKIB) issued a warning about products and services that transfer system…
UltraViolet Expands AppSec Capabilities With Black Duck’s Testing Business Summary UltraViolet Cyber has acquired the Application Security Testing (AST) services arm of Black Duck, adding penetration testing, red teaming, threat…
Sitecore Zero-Day Sparks New Round of ViewState Threats Summary A critical zero-day, tracked as CVE-2025-53690, is being actively exploited in Sitecore deployments (XM, XP, Experience Commerce) via a ViewState deserialization…
ISC2 Aims to Bridge DFIR Skills Gap With New Certificate Summary The nonprofit certification body ISC2 has launched the Threat Handling Foundations Certificate, a four-course, hands-on programme designed to strengthen…
Phishing Empire Runs Undetected on Google, Cloudflare Summary Researchers at Deep Specter Research uncovered a multi-year, industrial-scale phishing-as-a-service (PhaaS) operation that ran largely unnoticed on major cloud platforms, primarily Google…
