Security researchers have uncovered a severe vulnerability in Apache Parquet, a widely-adopted columnar storage format, affecting all versions up to 1.15.0. The vulnerability, designated as CVE-2025-30065, has received the highest possible CVSS score of 10.0, indicating an urgent security risk that requires immediate attention from organizations utilizing this data format. Understanding the Technical Impact The … Read more

The development team behind the popular Flipper Zero security testing tool has unveiled plans for their professional-grade device, the Flipper One. This new hardware platform represents a significant evolution in portable security testing equipment, offering enhanced capabilities and professional-focused features that set it apart from its predecessor. Advanced Hardware Architecture and Professional-Grade Display The Flipper … Read more

Security researchers at Tenable have uncovered a significant vulnerability in Google Cloud Run that could potentially allow malicious actors to gain unauthorized access to private containers and inject harmful code. The vulnerability, dubbed ImageRunner, was successfully patched by Google on January 28, 2025, following responsible disclosure protocols. Understanding the ImageRunner Vulnerability The vulnerability stemmed from … Read more

Security researchers at thinkAwesome GmbH have uncovered a severe security vulnerability in the widely deployed Unitree Go1 robotic systems. The investigation revealed an undocumented tunnel service pre-installed on these devices, potentially allowing unauthorized remote access and control of the robots. Technical Analysis of the Security Breach The vulnerability stems from a Raspberry Pi-based control system … Read more

Cloudflare has unveiled AI Labyrinth, a groundbreaking security solution designed to combat unauthorized AI data collection through an innovative deception-based approach. This sophisticated system represents a significant advancement in web resource protection, employing dynamic content generation to create elaborate mazes of authentic-looking but irrelevant information that effectively confounds AI crawlers. The Growing Threat of AI … Read more

In a significant cybersecurity achievement, threat intelligence firm Resecurity has successfully compromised the infrastructure of the notorious BlackLock ransomware group, effectively disrupting their operations and preventing numerous potential attacks. This operation marks a crucial victory in the ongoing battle against ransomware threats. BlackLock’s Global Impact and Operational Scope As of February 2025, BlackLock’s criminal activities … Read more

A significant cybersecurity incident has emerged involving Oracle Cloud’s federated Single Sign-On (SSO) infrastructure, with a threat actor claiming to have compromised login.(region).oraclecloud.com servers and exfiltrated approximately 6 million sensitive records. This development warrants immediate attention from security professionals and organizations utilizing Oracle Cloud services. Breach Claims and Technical Impact Assessment The threat actor, operating … Read more

Cybersecurity researchers at Bitdefender have uncovered a significant tactical evolution in the operations of the notorious RedCurl hacking group. The threat actor, previously known exclusively for corporate espionage, has expanded its arsenal with QWCrypt, a sophisticated ransomware specifically engineered to target Microsoft Hyper-V virtual machines. RedCurl’s Strategic Evolution and Global Impact First identified by Group-IB … Read more

Security researchers at Acros Security have uncovered a significant zero-day vulnerability affecting all modern Windows operating systems, enabling attackers to steal user credentials through the NTLM protocol with minimal user interaction. The critical security flaw can be triggered simply by opening a malicious file in Windows Explorer, making it particularly dangerous for enterprise environments. Technical … Read more

A sophisticated phishing attack has successfully compromised the Mailchimp account of Troy Hunt, a prominent cybersecurity expert and founder of Have I Been Pwned, resulting in unauthorized access to approximately 16,000 subscriber records. This incident highlights the evolving complexity of modern phishing tactics and the persistent challenges in securing digital communications. Anatomy of an Advanced … Read more