Morty (@mortyjin)'s Twitter Profile
Morty

@mortyjin

ID: 1061617720209207296

Website: https://rustlang.rs   Joined: 11-11-2018 13:52:43

284 Tweets

79 Followers

906 Following

Morty (@mortyjin)'s Twitter Profile Photo

Check out this article on the security challenges of MCP (Model Context Protocol) services. As MCP gains traction, unauthorized services expose risks like data leaks & command execution. rustlang.rs/posts/mcp/ #MCP #AIsecurity #Cybersecurity

Morty (@mortyjin)'s Twitter Profile Photo

4chan reportedly hacked! Source code, moderator emails, and internal data allegedly leaked by a rival group. The site’s been down since yesterday. Big blow to the infamous imageboard. #4chan #Cybersecurity

Morty (@mortyjin)'s Twitter Profile Photo

New article dissects critical Palo Alto Networks vulnerabilities. Learn how CVE-2024-0012 and CVE-2024-9474 can be exploited, and the potential combo with CVE-2025-0108. A must-read for cybersecurity pros! #CyberSecurity rustlang.rs/posts/pa/

Gray Hats (@the_yellow_fall)'s Twitter Profile Photo

Critical 0-Day (CVSS 9.8) in Fortinet Products Actively Exploited A critical Fortinet zero-day (CVE-2025-32756, CVSS 9.8) is being actively exploited, allowing unauthenticated RCE. PoC available, patch immediately. securityexpress.info/critical-0-day…

Morty (@mortyjin)'s Twitter Profile Photo

CVE-2025-68926 RustFS gRPC Hardcoded.
• 2024-09-27: Hardcoded token "rustfs rpc" introduced
• 2024-10-01: Vulnerable release published
• 2026-01-05: Patched version released
• Exposure: ~15 months
https://github.com/rustfs/rustfs/commit/04ab9d75a97014d3056d4affcb0a0987c0d29a01

Morty (@mortyjin)'s Twitter Profile Photo

CVE-2025-68705 RustFS Path Traversal Vulnerability RUSTFS_SECRET_KEY : rustfsadmin github.com/imjdl/CVE-2025… github.com/rustfs/rustfs/…

Kimi.ai (@kimi_moonshot)'s Twitter Profile Photo

Here's a short video from our founder, Zhilin Yang. (It's his first time speaking on camera like this, and he really wanted to share Kimi K2.5 with you!)

Morty (@mortyjin)'s Twitter Profile Photo

#SmarterMail #CVE-2026-24423 (CVSS 9.3) — unauthenticated RCE via the ConnectToHub API.
The issue stems from an AllowAnonymous endpoint that accepts a hubAddress parameter, fetches attacker-controlled JSON, and leads to command execution via CommandMount under SYSTEM context.

Stephen Fewer (@stephenfewer)'s Twitter Profile Photo

We just published our Rapid7 analysis of CVE-2026-1731, a critical command injection affecting BeyondTrust Privileged Remote Access (PRA) & Remote Support (RS). Unauthenticated RCE, with a root cause due to Bash arithmetic evaluation. Analysis/PoC here: attackerkb.com/topics/jNMBccs…

Morty (@mortyjin)'s Twitter Profile Photo

GCONV_PATH Injection in GNU Inetutils telnetd

Credit: Discovered by Justin Swartz
Reference: seclists.org/oss-sec/2026/q…

Justin revealed that while the CVE-2026-24061 fix addressed the "-f root" authentication bypass, the underlying environment variable sanitization issue remains.

Morty (@mortyjin)'s Twitter Profile Photo

I wrote a technical analysis of CVE-2026-31816 in Budibase.

The vulnerability originates from an unanchored webhook regex in the authorized() middleware. Because the check uses ctx.request.url, attackers can inject /webhooks/ in the query string to bypass authentication.

In

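An added illustration of the bypass class described in the tweet above (example code, not Budibase's own middleware, and not the exact regex from the advisory): a Koa-style context is simulated, an unanchored regex is tested against ctx.request.url (path plus query string) and compared with an anchored regex tested against ctx.path only. The /api/webhooks/trigger/<id> route shape and both regexes are assumptions for illustration.

```javascript
// Added example, not Budibase's code. Demonstrates why an unanchored regex
// tested against ctx.request.url can be satisfied from the query string, and
// how anchoring the pattern and testing ctx.path instead closes that hole.

// Minimal stand-in for a Koa context. In Koa, ctx.request.url is the raw
// request target (path plus query string) and ctx.path is the pathname only.
function makeCtx(rawUrl, user = null) {
  const u = new URL(rawUrl, "http://localhost"); // base only needed to parse a relative target
  return {
    request: { url: u.pathname + u.search },
    path: u.pathname,
    user, // null means no authenticated session
  };
}

// Vulnerable pattern (assumed for illustration): no ^ anchor and tested
// against the full URL, so "/webhooks/" anywhere in the request target,
// including inside the query string, classifies the request as a webhook.
const UNANCHORED_WEBHOOK_RE = /\/webhooks\//;
function isWebhookUnsafe(ctx) {
  return UNANCHORED_WEBHOOK_RE.test(ctx.request.url);
}

// Hardened pattern: anchored at the start of the path, remainder restricted to
// an ID charset, and tested against ctx.path so the query string cannot
// influence the decision. The route shape is an assumption for this example.
const ANCHORED_WEBHOOK_RE = /^\/api\/webhooks\/trigger\/[A-Za-z0-9_-]+$/;
function isWebhookSafe(ctx) {
  return ANCHORED_WEBHOOK_RE.test(ctx.path);
}

// Simulated authorized() middleware: webhook routes skip the session check
// (they are authenticated by other means); everything else needs ctx.user.
function authorized(ctx, isWebhook) {
  if (isWebhook(ctx)) return "allow:webhook";
  if (ctx.user) return "allow:user";
  return "deny:401";
}

// Convenience wrapper: build a context for a raw request target and decide.
function decide(rawUrl, user, isWebhook) {
  return authorized(makeCtx(rawUrl, user), isWebhook);
}

// Constructed requests: a legitimate webhook trigger, an unauthenticated admin
// request, and the same admin request with "/webhooks/" smuggled into the query.
const REQUESTS = [
  "/api/webhooks/trigger/abc123",
  "/api/admin/users",
  "/api/admin/users?x=/webhooks/",
];

for (const url of REQUESTS) {
  console.log(
    url.padEnd(32),
    "unanchored+request.url:", decide(url, null, isWebhookUnsafe).padEnd(14),
    "anchored+path:", decide(url, null, isWebhookSafe)
  );
}
```

Running it shows the third request classified as a webhook (and therefore allowed without a session) under the unanchored check, while the anchored check on ctx.path denies it and still admits the genuine webhook trigger.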
André Baptista (@0xacb)'s Twitter Profile Photo

WontFix can be an RCE Goldmine
SOAPwn by Piotr Bazydło, #5 in PortSwigger Web Hacking Techniques of 2025
Microsoft's refusal to patch HttpWebClientProtocol invalid casting makes any .NET app using ServiceDescriptionImporter permanently vulnerable to arbitrary file write via

watchTowr (@watchtowrcyber)'s Twitter Profile Photo

What's new is old, and what's old is new - as is relentlessly proven. Join us in our analysis of CVE-2026-32746, the recent pre-auth RCE in inetutils' Telnetd. Speak soon. labs.watchtowr.com/a-32-year-old-…