Yesterday, a vulnerability in OpenSSH, CVE-2025-61984, was published that potentially allows command execution on the client when ProxyCommand is used with usernames containing control characters (e.g., newlines). Some OpenSSH input...

The story of SoopSocks is one we, unfortunately, know well: a PyPI package that promises utility — a SOCKS5 proxy — but in reality introduces a well-orchestrated malicious implementation ....

In September 2025, a new incarnation of the notorious LockBit ransomware emerged, dubbed LockBit 5.0. It's not just an "update": it's an operational adaptation designed to be faster, less noisy,...

In recent days, a malvertising campaign targeting business users trying to download Microsoft Teams has been discovered. At first glance, the attack seems trivial: a sponsored ad leads to a...

Microsoft recently published a security advisory regarding a new vulnerability affecting Active Directory Domain Services (AD DS). The flaw, identified as CVE-2025-21293, is classified as an Elevation of Privilege vulnerability...

In early September 2025, Palo Alto Networks confirmed it had been the victim of a data breach. The compromise did not affect its core products or services, but rather some...

At the end of August 2025, a high-impact vulnerability affecting HikCentral Professional, the Hikvision platform used to centrally manage video surveillance and access control, was disclosed. The flaw, classified as...