Reza Rafati
-
Authenticated SQL Injection Exposes TorrentPier User Data
An authenticated SQL injection vulnerability, tracked as CVE-2025-64519, has been discovered in TorrentPier, the popular open-source BitTorrent tracker engine. The flaw allows malicious actors with moderator privileges to execute arbitrary SQL queries, posing a significant risk to the integrity and confidentiality of database information.
-
Mandiant Warns of Active Exploitation of Critical Triofox Flaw Allowing Remote Access
Mandiant warns of active exploitation of a critical Triofox flaw (CVE-2025-12480) allowing remote code execution, with threat actors UNC6485 bypassing authentication to compromise systems.
-
GlassWorm Malware Resurfaces, Infecting VS Code Extensions with Stealthy Unicode Attack
The GlassWorm malware campaign has re-emerged, targeting the Visual Studio Code (VS Code) ecosystem with a new set of malicious extensions, signaling a persistent threat to developers. This sophisticated, self-propagating worm aims to compromise credentials and cryptocurrency assets using invisible Unicode characters to embed malicious code.
-
ClickFix Phishing Campaign Targets Hotel Systems with PureRAT Malware
A sophisticated ClickFix phishing campaign is targeting the global hospitality sector, deploying PureRAT malware to steal sensitive credentials and defraud hotels and customers on booking platforms like Booking.com and Expedia.
-
The Enterprise Browser: A New Cyber Frontier, Report Warns
A new report highlights a critical shift in the landscape of enterprise cybersecurity, positing that the user’s browser has become a convergence point for significant identity, SaaS, and AI-related risks, often evading the purview of traditional security measures.
-
Linux Kernel Receives Patch to Fortify Cryptographic Random Number Generation
The Linux kernel, a foundational component of countless computing systems worldwide, has recently received an essential security update addressing a vulnerability within its cryptographic random number generator (RNG). This patch, identified as CVE-2025-40109, aims to ensure the integrity of randomness crucial for secure operations, from encryption to digital signatures.
-
Security Flaw in Skuul Management System Poses Risk to Student Fee Data
A newly disclosed security vulnerability in the yungifez Skuul School Management System, affecting versions up to 2.6.5, could allow attackers to manipulate resource identifiers and potentially access or alter student fee invoice information. The flaw, categorized as a resource injection, highlights ongoing challenges in securing educational technology platforms.
-
UK Online Safety Push Sparks Transatlantic Free Speech Clash
A contentious legal battle is unfolding across the Atlantic, as the United Kingdom’s communications regulator, Ofcom, faces accusations of extraterritorial overreach in its enforcement of the Online Safety Act against American online platforms, reigniting a global debate on internet sovereignty and free speech.
-
Ukrainian Strikes Disrupt Power in Russian Border Regions, Leaving Thousands in Darkness
Ukrainian forces have conducted a series of drone and missile strikes targeting energy infrastructure across several Russian border regions, resulting in widespread power outages. This strategy aims to disrupt vital infrastructure, exert economic pressure, and underscore the vulnerability of Russian domestic systems.
-
Google’s AI System Identifies Critical WebKit Vulnerabilities, Underscoring Machine Learning’s Evolving Role in Cybersecurity
Google’s AI system has successfully identified critical vulnerabilities within Apple’s WebKit, demonstrating the growing effectiveness of machine learning in cybersecurity. This significant discovery highlights AI’s evolving role in proactively detecting complex security flaws that often evade traditional methods, promising a future where AI plays a central role in securing digital infrastructure.