Security

13-Year-Old Critical Redis RCE Flaw Allowed Attackers Full Host Access

A newly uncovered remote code execution (RCE) flaw in Redis, known as RediShell, has revealed that attackers could gain complete control over the host system. The issue, tracked as CVE-2025-49844, was discovered by Wiz Research and carries the maximum CVSS score of 10.0, placing it among the most critical security threats identified to date. The […]

Google Chrome RCE Flaw Disclosed, Exploit Code Published

Researchers have published full technical details and proof-of-concept exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome’s V8 JavaScript engine. The bug stems from a WebAssembly type canonicalization regression that creates nullability confusion, and a separate JavaScript Promise Integration (JSPI) state-switching weakness that enables a novel sandbox bypass. This article explains

Chinese Cybercrime Gang Operates Worldwide SEO Fraud Scheme Through Hacked IIS Servers

A new cybersecurity investigation has revealed a large-scale cyber fraud operation linked to a Chinese-speaking group named UAT-8099. This group is reportedly involved in SEO manipulation, data theft, and unauthorized access to systems via compromised Microsoft IIS servers. The attackers primarily target regions like India, Thailand, Vietnam, Canada, and Brazil, with victims including universities, tech

Fresh Report Connects BIETA and CIII Research Firms to China’s MSS Cyber Activities

A new intelligence report has revealed connections between two Chinese research firms, the Beijing Institute of Electronics Technology and Application (BIETA) and its subsidiary Beijing Sanxin Times Technology Co., Ltd. (CIII), and China’s Ministry of State Security (MSS). According to cybersecurity firm Recorded Future, BIETA appears to be managed or influenced by the MSS based

Spotify Introduces Direct Messaging for Music Sharing, Security Risks Analyzed

Spotify has officially launched a new in-app direct messaging feature called Messages, now available to both Free and Premium users aged 16 and above in select regions. The update went live on August 26, 2025, and is designed to make sharing music, podcasts, and audiobooks more seamless while encouraging social engagement inside the platform. How

Azure Default API Flaw Allows Cross-Tenant Compromise

A major security vulnerability was uncovered in Microsoft Azure’s API Connection infrastructure, allowing attackers to break tenant boundaries and gain unauthorized access to sensitive resources worldwide. The researcher behind the discovery, Gulbrandsrud, was awarded a $40,000 bug bounty and invited to present the findings at Black Hat. The issue originated from Azure’s shared API Management

Blue Report 2025: Weak Passwords and Compromised Accounts Findings

Security professionals often focus on countering the latest sophisticated attack methods. However, the most damaging breaches frequently stem not from cutting-edge exploits, but from compromised accounts and cracked credentials. Despite widespread awareness, Picus Security’s Blue Report 2025 reveals that many organizations still struggle to prevent password attacks and detect malicious activity using stolen credentials. A
