Login Subscribe

Vulnerabilities & Exploits

GoAnywhere MFT Zero‑Day Lets Attackers Slip Past Firewalls

GoAnywhere MFT Zero‑Day Lets Attackers Slip Past Firewalls

In September 2025 a previously unknown flaw in the GoAnywhere Managed File Transfer (MFT) license‑servlet was weaponized. The vulnerability allowed an unauthenticated remote attacker to upload malicious payloads and achieve arbitrary code execution on the MFT server. Because the servlet is reachable through the standard HTTPS port, the exploit

Claude Code Flaws Open AI Supply‑Chain to Malicious Template Injection

Claude Code Flaws Open AI Supply‑Chain to Malicious Template Injection

Researchers uncovered a set of vulnerabilities in Anthropic’s Claude Code platform that allow threat actors to embed malicious code into shared project templates. When developers pull these compromised templates into their CI/CD pipelines, the code can execute remotely, harvest Anthropic API keys, and exfiltrate data from the build

Claude Code Flaw Lets Attackers Run Code and Steal API Tokens via Malicious Projects

Claude Code Flaw Lets Attackers Run Code and Steal API Tokens via Malicious Projects

Check Point researchers identified two critical bugs in Anthropic’s Claude Code AI‑assisted coding assistant. The vulnerabilities are triggered when a developer opens a project file that contains specially crafted payloads. One flaw enables remote code execution on the host machine, while the other silently harvests the user’s

Check Point Explains How CTEM Outshines Classic Vulnerability Management

Check Point Explains How CTEM Outshines Classic Vulnerability Management

During a recent Reddit AMA, Check Point security experts broke down their Cyber Threat Exposure Management (CTEM) framework. They highlighted that CTEM goes beyond traditional vulnerability scans by tying each flaw to the probability of an exploit and the specific business impact it could cause. This correlation creates a risk

BeyondTrust RCE Probe Surge Signals Early Exploit Activity

BeyondTrust RCE Probe Surge Signals Early Exploit Activity

GreyNoise telemetry has identified a sharp increase in reconnaissance traffic aimed at the newly disclosed CVE‑2026‑1731 remote code execution flaw in BeyondTrust’s privileged remote‑admin tools. Multiple threat actors are conducting automated scans and low‑level probing of the vulnerable services, with some groups already attempting early‑

Unpatched Web Flaw Lets Hackers Steal Data of 2.5M Student Loan Borrowers

Unpatched Web Flaw Lets Hackers Steal Data of 2.5M Student Loan Borrowers

A threat‑actor group compromised a leading student loan servicer by exploiting a known but unpatched web application vulnerability. The attackers gained unauthorized access to the backend database and siphoned personally identifiable information—including names, Social Security numbers, dates of birth, and loan details—from roughly 2.5 million borrowers.

Starkiller Phishing Service Mirrors Real Logins, Skips MFA and Harvests Tokens

Starkiller Phishing Service Mirrors Real Logins, Skips MFA and Harvests Tokens

KrebsOnSecurity exposed a new phishing‑as‑a‑service platform dubbed “Starkiller” that routes victims through live, unmodified login pages of targeted services. By acting as a transparent proxy, the service captures usernames, passwords, and one‑time MFA codes in real time, then forwards the authentication request to the legitimate site,

Malicious NuGet Packages Exfiltrate ASP.NET Identity and Install Persistent Backdoors

Malicious NuGet Packages Exfiltrate ASP.NET Identity and Install Persistent Backdoors

Security researchers at Socket identified a supply‑chain attack that distributes malicious NuGet packages targeting ASP.NET developers. The packages appear legitimate but contain code that harvests ASP.NET Identity credentials—usernames, password hashes, and authentication tokens—and then writes a hidden backdoor into the compromised web application, allowing attackers