Posted by Matthew Suozzo, Google Open Source Security Team (GOSST). Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing...
The Thermomix TM5 is a multifunctional kitchen appliance. In previous research, Jean-Michel Besnard found a directory traversal flaw in BusyBox's tar implementation. This article describes a lot...
The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. [...]
Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. [...]
Researchers from the cybersecurity firm Lookout detected the latest version of DCHSpy one week after Israel’s June bombing campaign targeting Iran’s nuclear program began. DCHSpy was first...
TLS allows for a lot of configuration: which encryption algorithms and key exchanges can be used, hashing algorithms and more. The author of this post asks if this is the proper user...
Browsers need to be fast - I mean, really fast. So, running JavaScript isn't always fast enough. Modern browsers perform Just-in-Time (JIT) compilations of JavaScript to native code, making it...
The Web3 space is innovative yet financially risky at the same time, due to attackers' ability to directly steal money. This innovative aspect has led to many hard-won lessons in security that...
Halo2 is a zero-knowledge (ZK) proof framework based on the PLONK protocol that was originally used for Zcash. Circuits, the flow of operations and verification in a ZK proof, are structured as...
GMX is a very large decentralized trading platform. Although it has a $5M bug bounty, it was exploited for $42M after over 2 years of being live and multiple audits. There are several reasons this...
This report is an in-the-wild story of attackers compromising many contracts in a subtle way. The name says it all: Clandestine Proxy In the Middle of Proxy (CPIMP). Smart contract deployment of...
While browsing Shodan one day, they noticed a subdomain associated with Microsoft - guest.microsoft.com. Once logged in via a phone number, no information was given. This seemed like it wasn't...
McHire is a chatbot recruitment platform used by most of McDonald's franchisees. Employees chat with a bot named Olivia to collect information, conduct personality tests and more that is owned by...
Attackers have already used the exploit dubbed “ToolShell” to intrude into hundreds of organizations globally, including private companies and government agencies. The post Mass attack spree hits...
The U.S. is stepping into a new cyber era, and it comes not a moment too soon. With the Trump administration’s sweeping $1 billion cyber initiative in the “Big Beautiful Bill” and growing...
ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. [...]
CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively...
Veeam warned customers today that a recently released Recovery Orchestrator version blocks Web UI logins after enabling multi-factor authentication (MFA). [...]
Microsoft has issued an urgent patch for most SharePoint servers after cybersecurity researchers found threat actors globally exploiting a zero-day vulnerability in the products.
The House of Dior (Dior) is sending data breach notifications to U.S. customers informing them that a May cybersecurity incident compromised their personal information. [...]
CERT Polska has received a report about a Hard-coded Credentials vulnerability (CVE-2025-4049) found in SIGNUM-NET FARA software.
Symantec products already block CVE-2025-53770 exploit attempts.
Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface. [...]
Learning a new language doesn't have to mean night classes, bulky textbooks, or boring apps. With Babbel, you can pick up real-world conversation skills through short, fun, and practical lessons....
A newly rebranded extortion gang known as "World Leaks" breached one of Dell's product demonstration platforms earlier this month and is now trying to extort the company into paying a ransom. [...]
Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell"...
The solution is designed for processes producing ultra-thin aluminum, copper and steel foil.
As the industry moves toward more AI-enabled digitization, connected workers are stepping up to the plate to merge human expertise with technological progress.
13 Experts Discuss Autonomous Mobile Robots examines how Texas Instruments helps its customers build next-generation mobile robotics with innovative products.
Critical Manufacturing was named a Representative Vendor in Gartner’s May 2025 MES Market Guide.