Critical XRING Flaw in XQUIC Library Exposes HTTP/3 Servers to Crashes
A zero-day vulnerability in Alibaba's XQUIC library allows remote attackers to crash HTTP/3 servers with minimal traffic. No patch is currently available.
Read moreSecurity insights, vulnerability roundups, and updates from the Agent Breach team.
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.
A zero-day vulnerability in Alibaba's XQUIC library allows remote attackers to crash HTTP/3 servers with minimal traffic. No patch is currently available.
Read moreA new Rust-based remote access trojan dubbed MODBEACON is being used by the China-linked Silver Fox group. It employs gRPC streaming to encrypt its command-and-control traffic, evading traditional detection methods.
Read moreThree high-severity vulnerabilities in OpenClaw AI assistant could lead to credential theft and remote code execution. These flaws highlight risks in AI-powered personal assistants.
Read moreMultiple advanced persistent threat groups linked to China and India targeted Pakistani law enforcement infrastructure over a two-year campaign. The attacks compromised servers handling sensitive police and citizen data through weaponized web applications.
Read moreThe jscrambler 8.14.0 npm release was compromised to drop a Rust-based infostealer during installation. Security monitoring detected the threat within minutes.
Read moreA hardware-based laser attack can permanently reset passwords on certain Tangem crypto wallets with no trace. This physical exploit highlights risks in embedded security design.
Read moreNew vulnerabilities in the widely used U-Boot firmware could allow attackers to crash devices or execute arbitrary code during startup. These flaws affect everything from home routers to enterprise server hardware.
Read moreThreat actors breached Injective Labs' GitHub repo to push a malicious npm package designed to steal cryptocurrency wallet credentials. The compromised SDK package伪装成 legitimate telemetry but secretly exfiltrated sensitive user data.
Read moreProgress Software has instructed ShareFile customers to immediately shut down Storage Zone Controllers due to a credible security threat. The company has temporarily disabled access to affected accounts as a precaution.
Read moreA critical XSS flaw in Zimbra's Classic Web Client allows attackers to execute code through crafted emails. Organizations are urged to update immediately.
Read more