The Cyber Future Is Riskier Than You Think

Blog

Byadmblake June 17, 2025

Sound suggestions on how to tackle four “quiet problems” that often slip through the security cracks.

Blog

Apache TomCat AJP File Inclusion Vulnerability

FortiGuard Labs is aware of a new attack on Apache Tomcat Servers dubbed “GhostCat.” Discovered by Chaitin Tech, a vulnerability in Apache Tomcat exists where an attacker has the ability to read and write in the webapp directory of Apache Tomcat. It addition to this, an attacker has the ability to upload files to the…

Read More Apache TomCat AJP File Inclusion Vulnerability
Blog

The Boring Stuff is Dangerous Now

AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly.

Read More The Boring Stuff is Dangerous Now
Blog

Researchers Detail Zero-Click Copilot Exploit ‘EchoLeak’

Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.

Read More Researchers Detail Zero-Click Copilot Exploit ‘EchoLeak’
Blog

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. “UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access,” Cisco Talos researchers

Read More Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
Blog

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited

Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component. “Memory corruption when adding user-supplied data without checking available buffer space,” Qualcomm said in an…

Read More Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Blog

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. “Pinging functionality that can report back to a…

Read More Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Related