Critical Next.js CVE-2025-29927 Flaw Disclosed

🎓️ Vulnerable U | #108

More CISA DOGE drama, US softening on Russia cyber defenses, 60M malware app downloads from Google Play Store, Massive Github supply chain hack, and much more!

Apache Tomcat CVE-2025-24813 Under Attack

CISA Warns of Supply Chain Compromise of tj-actions/changed-files GitHub Action

CISA Adds Apple CVE-2025-24201 to KEV Catalog

🎓️ Vulnerable U | #107

CISA having a bad time, Microsoft and Google Threat Intel full of goodies this week, SSRF on the rise as per GreyNoise, and much more!

Microsoft Disrupts Huge Malvertising Campaign

🎓️ Vulnerable U | #106

US stand down against Russia, Microsoft intel on Silk Typhoon, Some spicy polymorphic malware, a super huge and instantly spun up botnet, and much more!

High Pay, Low Respect: 60% of Cybersecurity Pros Want to Change Jobs

Cybersecurity burnout is real—learn practical self-care tips, set boundaries, and build community support to protect your mental health in a high-stress industry.

Executives Receive Fake Snail Mail BianLian Ransomware Notes

Executives are receiving something strange from scammers claiming to be linked to the BianLian group: Fake ransomware letters delivered via snail mail

Microsoft Patches Critical RCE Flaw in Windows KDC Proxy

Microsoft has patched CVE-2024-43639, a critical remote code execution (RCE) vulnerability in Windows KDC Proxy.

Highly Targeted Polyglot Malware Campaign Hits UAE Aviation and Satellite Firms

A sophisticated cyber espionage campaign, dubbed UNK_CraftyCamel, is targeting aviation and satellite organizations in the UAE. Attackers use polyglot files, a custom Go-based backdoor (Sosano), and compromised business accounts to evade detection.