Magento Carding Attack Leverages Fake GIFs and Proxy Malware
A multi-stage carding attack targeted a Magento eCommerce site running outdated version 1.9.2.4, unsupported since June 2020. Unpatched flaws allowed malware to use a fake .gif file, tamper with browser [...]
Defender XDR False Positive Leaked 1700+ Docs
A significant data leak involving Microsoft Defender XDR exposed over 1,700 sensitive documents from many organizations, triggered by a critical false positive error. The incident was first identified by security [...]
Chrome UAF Vulnerabilities: Active Exploits
Researchers discovered two critical UAF vulnerabilities in Chrome, actively exploited in the wild, but Google’s MiraclePtr defense has now blocked them, strengthening browser security. All about the Chrome UAF vulnerability [...]
Ivanti 0-Day Exploited for DslogdRAT & Web Shell
Threat actors have exploited a zero-day flaw in Ivanti Connect Secure (CVE-2025-0282) to install a web shell and a remote access trojan (DslogdRAT), according to JPCERT/CC. How DslogdRAT and the [...]
Commvault RCE Exploited, PoC Available
A major remote code execution (RCE) vulnerability, CVE-2025-34028, has been discovered in Commvault’s on-premise backup and recovery software, posing serious risks to enterprises and managed service providers worldwide. Commvault RCE [...]
FHN 
