Blog

Your blog category

Blog

RediShell RCE Vulnerability

What is the Vulnerability? A Use-After-Free (UAF) bug in Redis’s Lua scripting subsystem (tracked as CVE-2025-49844, “RediShell”) allows an authenticated attacker who can run Lua scripts to escape the Lua sandbox and achieve arbitrary native code execution on the Redis host. This is a critical (CVSS 10.0), high-impact vulnerability because Lua scripting is enabled by…

Read More RediShell RCE Vulnerability
Blog

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution.

Read More CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
Blog

LevelBlue Announces Plans to Acquire XDR Provider Cybereason

The deal, which builds on LevelBlue’s recent acquisition of Trustwave and Aon, aims to provide customers with a broad portfolio of extended detection and response (XDR), managed detection and response (MDR), and forensic services.

Read More LevelBlue Announces Plans to Acquire XDR Provider Cybereason
Blog

‘Mysterious Elephant’ Moves Beyond Recycled Malware

The cyber-espionage group has been using sophisticated custom tools to target government and diplomatic entities in South Asia since early 2025.

Read More ‘Mysterious Elephant’ Moves Beyond Recycled Malware
Blog

F5 BIG-IP Environment Breached by Nation-State Actor

F5 disclosed a breach this week that included zero-day bugs, source code, and some customer information.

Read More F5 BIG-IP Environment Breached by Nation-State Actor
Blog

Sophos Firewall v22 is now available in early access

Secure by Design

Read More Sophos Firewall v22 is now available in early access
Blog

Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months

A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast Asia and South America. The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it…

Read More Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months
Blog

F5 network compromised

On October 15, 2025, F5 reported that a nation-state threat actor had gained long-term access to some F5 systems and exfiltrated data, including source code and information about undisclosed product vulnerabilities. This information may enable threat actors to compromise F5 devices by developing exploits for these vulnerabilities. The UK National Cyber Security Centre also notes…

Read More F5 network compromised
Blog

October Patch Tuesday beats January ’25 record

Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party

Read More October Patch Tuesday beats January ’25 record
Blog

F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion

U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a “highly sophisticated nation-state threat actor,” adding the adversary maintained long-term, persistent access to its network. The

Read More F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion