Security researchers at Push have identified a sophisticated new phishing attack termed “ConsentFix,” which combines OAuth consent manipulation with ClickFix-style social engineering to compromise Microsoft accounts without requiring passwo…

Security researchers have identified an active zero-day vulnerability in Gogs, a widely used self-hosted Git service. The flaw has already resulted in the compromise of more than 700 servers publicly exposed on the internet. As of early December 2025, …

The development team behind the popular text editor Notepad++ has released version 8.8.9 to address a critical security flaw that could allow traffic hijacking. This vulnerability affects the software’s update mechanism, potentially allowing attackers …

Security researchers have disclosed two new vulnerabilities in React Server Components that expose servers to Denial-of-Service (DoS) attacks and to source code leaks. These flaws were discovered while experts were analyzing the patches for last week&#…

Security researchers have unveiled a critical series of vulnerabilities in the .NET Framework’s HTTP client proxy architecture, dubbed “SOAPwn,” that enables remote code execution across multiple enterprise-grade platforms. Presented …

Jenkins has released a critical security advisory addressing a high-severity denial-of-service vulnerability affecting millions of organizations that rely on the popular automation server. The flaw, tracked as CVE-2025-67635, allows unauthenticated att…

The Shadowserver Foundation has issued an urgent update regarding the critical “React2Shell” vulnerability, identifying a massive attack surface that remains exposed to potential exploitation. Following targeted improvements to their scanni…