Bug Bounty

More than two decades after its initial discovery, the NTLM authentication protocol continues to plague Windows systems worldwide.

What started in 2001 as a theoretical vulnerability has evolved into a widespread security crisis, with attackers actively weaponizing multiple NTLM flaws to compromise ...

Security researchers have discovered a critical denial-of-service vulnerability in Next.js that allows unauthenticated attackers to crash self-hosted servers with a single HTTP request.

The flaw was unexpectedly uncovered by an AI security testing tool while examining a demo application, ultimately ...

Pakistan-linked cyberespionage group APT36 (Transparent Tribe) has escalated its campaign against Indian government institutions with the deployment of sophisticated Python-based ELF malware specifically designed to compromise Linux-based BOSS operating environments, according to research published ...

NVIDIA has released security updates to address fourteen critical vulnerabilities in its DGX Spark system.

These flaws could allow attackers to execute malicious code, steal sensitive information, and launch denial-of-service attacks that crash the system.

The vulnerabilities affect all versions ...

Security researchers have discovered a critical vulnerability in Microsoft Teams that allows attackers to bypass all Defender for Office 365 protections by inviting users into malicious tenant environments.

The flaw exploits a fundamental architectural gap in how Teams handles cross-tenant ...

CVE-2025-32421 is a race condition vulnerability identified in the Next.js framework, which is widely used for building full-stack web applications. Specifically, this vulnerability impacts versions prior to 14.2.24 and 15.1.6 of Next.js. It manifests under certain misconfigurations in the Pages ...

A logic issue within the processing of web content has been discovered that can allow maliciously crafted input to potentially execute arbitrary code on affected systems. This vulnerability has been addressed in the latest updates across various Apple platforms including iOS, iPadOS, tvOS, and ...

A permission control vulnerability exists in the Notepad module of Huawei products, allowing unauthorized access that could compromise service confidentiality. Exploiting this vulnerability might lead to unauthorized disclosure of sensitive information. Users of affected Huawei Notepad versions ...

The UX360CA BIOS on ASUS laptops versions up to 303 is susceptible to a severe flaw that enables an attacker with ring 0 privileges to overwrite almost any physical memory location, including System Management RAM (SMRAM). This exploitation facilitates the execution of arbitrary code within the ...

CVE-2025-27607 is a critical remote code execution (RCE) vulnerability affecting the Python JSON Logger, a JSON formatting tool used to enhance logging capabilities in Python applications. The vulnerability arose due to a missing dependency caused by the deletion of the msgspec-python313-pre package ...