Login Subscribe

Vulnerabilities & Exploits

WPA3 Handshake Flaw Lets Attackers Sniff Wi‑Fi Traffic

Security researchers have uncovered a new attack that subverts the WPA3 Simultaneous Authentication of Equals (SAE) handshake. By injecting crafted messages during the four‑way exchange, the exploit forces the access point to reveal enough information for an adversary to compute the session key and decrypt subsequent traffic. The vulnerability

Zero‑Day GoAnywhere MFT Bypasses Perimeter Firewalls, Highlights Need for Defense‑in‑Depth

Zero‑Day GoAnywhere MFT Bypasses Perimeter Firewalls, Highlights Need for Defense‑in‑Depth

The threat group Storm‑1175 weaponized CVE‑2025‑10035, a remote‑code‑execution flaw in the GoAnywhere Managed File Transfer (MFT) platform. By delivering the exploit over standard web traffic, the actors sidestepped the organization’s external firewalls, which were configured to allow HTTP/HTTPS to the MFT service. Within

Iranian Groups Weaponize IP Cameras for Real‑Time Battlefield Intel

Iranian Groups Weaponize IP Cameras for Real‑Time Battlefield Intel

Check Point researchers have uncovered a coordinated campaign by Iranian‑affiliated threat actors that targets internet‑connected IP cameras across the region. The groups systematically scan for devices with default usernames and passwords, then exploit unpatched firmware to gain persistent access. Once compromised, the cameras are used to stream live

GoAnywhere MFT Zero‑Day Bypasses Firewalls, Triggers Massive Data Breach

GoAnywhere MFT Zero‑Day Bypasses Firewalls, Triggers Massive Data Breach

VMware researchers uncovered a critical zero‑day in the GoAnywhere Managed File Transfer (MFT) platform that was actively weaponized by the Storm‑1175 threat group. The flaw, assigned a CVE with a 10.0 CVSS rating, allowed remote code execution without authentication and evaded detection by traditional perimeter firewalls. Because

OpenAI Codex Scans 1.2M Commits, Flags Over 10K Critical Vulnerabilities

OpenAI Codex Scans 1.2M Commits, Flags Over 10K Critical Vulnerabilities

OpenAI’s new Codex Security assistant processed more than 1.2 million code commits across diverse projects, automatically surfacing 10,561 high‑severity flaws. By ingesting full project context, the AI model identifies complex bugs that static analysis often misses, and it generates concrete remediation patches while aiming to keep

GreyNoise Feeds Real‑Time Threat Context Directly into CrowdStrike Falcon

GreyNoise Feeds Real‑Time Threat Context Directly into CrowdStrike Falcon

GreyNoise has integrated its threat‑intelligence feed into the CrowdStrike Falcon platform, delivering configurable, real‑time blocklists that automatically suppress alerts generated by low‑severity mass scanners. The integration also enriches Falcon incidents with up‑to‑date malicious‑IP reputation data and provides early warnings on emerging CVE exploitation, giving

Iranian Threat Actors Ramp Up IP‑Camera Hijacks to Fuel Kinetic Operations

Iranian Threat Actors Ramp Up IP‑Camera Hijacks to Fuel Kinetic Operations

Checkpoint researchers have identified a coordinated surge in compromise of internet‑connected video cameras throughout the Middle East. The actors, linked to Iranian state‑aligned groups, are exploiting default credentials, outdated firmware, and unsecured network segments to gain persistent access to live feeds. The stolen footage is then repurposed to

AI Model Spots 22 Firefox Flaws, 14 Critical – Patch Fast in v148

AI Model Spots 22 Firefox Flaws, 14 Critical – Patch Fast in v148

Anthropic leveraged its Claude Opus 4.6 large language model to conduct an automated security audit of Mozilla’s Firefox browser. The AI scan uncovered 22 previously unknown vulnerabilities, including 14 classified as high severity. Mozilla responded quickly, issuing a comprehensive fix in the Firefox 148 release. These flaws ranged