CVE-2025-51591: New SSRF Exploit Targets AWS Instance Metadata Service

A newly disclosed vulnerability, CVE-2025-51591, is making waves in the cybersecurity community. The flaw—classified as a server-side request forgery (SSRF)—targets Amazon Web Services (AWS) Instance Metadata Service (IMDS), creating a critical attack vector that could compromise cloud-hosted systems at scale. 🔎 What Is CVE-2025-51591? At its core, this vulnerability allows attackers to trick a vulnerable … Continued

Global Aviation Summit Faces Cyberattack Threats and Rising Political Tensions

Global Aviation Summit Opens in Montreal as Cyber-Threats, Diplomatic Cracks and Environmental Pressures Loom Large Montreal — The triennial assembly of the United Nations’ International Civil Aviation Organization (ICAO) starts today (23 September 2025), and for many delegates, the atmosphere is uncomfortably charged. What should be a forum for technical cooperation and shared progress in … Continued

Microsoft Patches Flaw in Entra ID That Could Let Attackers Take Over Any Tenant

Microsoft Seals Critical Entra ID Flaw After Discovery of Global-Tenant Admin Impersonation Vulnerability September 22, 2025 Microsoft has patched a severe security vulnerability (CVE-2025-55241) in its identity platform, Entra ID (formerly Azure Active Directory), that could have allowed attackers to impersonate Global Administrators across any tenant worldwide. The flaw, which carried a maximum severity score … Continued

European Airport Cyberattack Highlights Supply Chain Risks and Regulatory Gaps

A sophisticated cyberattack has disrupted operations at three major European airports—Heathrow, Brussels, and Berlin—causing widespread flight cancellations and delays. Cybersecurity leaders say the incident exposes systemic weaknesses in shared aviation technology and underscores the urgent need for stronger supply chain security and compliance with evolving regulations like the NIS2 Directive. “Simultaneous disruptions at multiple airports … Continued

OpenAI Rolls Out New Feature: Control How Deeply GPT-5 Thinks

OpenAI Introduces Flexible Thinking Controls in ChatGPT OpenAI has unveiled a major update to ChatGPT, giving users the ability to choose how much reasoning effort the GPT-5 Thinking model invests before producing a response. This new control feature is designed to balance speed with depth, allowing users to tailor the AI’s output depending on their … Continued

How to Choose the Right Application Security Testing Tool for Your Team

In today’s fast-moving software landscape, web apps face ever-more sophisticated attacks. For example, Verizon’s 2024 breach report shows a 180% jump in attacks exploiting application vulnerabilities in 2023. This means choosing the right security testing tool is critical. The right tool helps your team find flaws early, cut false alarms, and fit seamlessly into your … Continued

Top 10 Application Security Solutions for 2025

In an era of rapid DevOps and cloud-native development, protecting code and applications is mission-critical. Leading AppSec vendors now offer broad platforms covering static/dynamic analysis, open-source scanning, container and mobile security, and even runtime self-protection. These tools integrate into CI/CD pipelines and IDEs, enabling “shift-left” security. Below we highlight ten standout companies (enterprise giants and … Continued

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Account

TL;DR A critical improper-input-validation vulnerability (CVE-2025-54236, a.k.a. SessionReaper) in Adobe Commerce / Magento Open Source lets attackers take over customer sessions via the Commerce REST API — Adobe released an out-of-band patch on Sep 9, 2025 and urges immediate remediation. CVSS: 9.1 (Critical). Adobe Help Center What happened Adobe published an emergency security bulletin (APSB25-88) … Continued

Plex urges users to reset their passwords after new data breach.

What happened Plex, the media streaming and personal media server platform, confirmed today that an unauthorized third party accessed a limited subset of customer database information—including emails, usernames, and securely hashed passwords—through a security breach. The company stated that there is no evidence of credit card data being compromised, as they do not store such … Continued
