Authentication Bypass

The Mr_Rot13 Collective Weaponizes Critical cPanel CVE-2026-41940 to Deploy “Filemanager” RAT

2 min read

• Security

The Mr_Rot13 Collective Weaponizes Critical cPanel CVE-2026-41940 to Deploy “Filemanager” RAT

Do Son May 14, 2026

Analysts from QiAnXin XLab have illuminated the clandestine operations of the Mr_Rot13 collective, an adversarial group that...

Read More Read more about The Mr_Rot13 Collective Weaponizes Critical cPanel CVE-2026-41940 to Deploy “Filemanager” RAT

Sixty-Four Days of Silence: The cPanel Zero-Day That Compromised Millions Before a Patch Existed

2 min read

• Security

Sixty-Four Days of Silence: The cPanel Zero-Day That Compromised Millions Before a Patch Existed

Do Son May 7, 2026

A critical vulnerability within cPanel, of which server proprietors were apprised only in late April, has proven...

Read More Read more about Sixty-Four Days of Silence: The cPanel Zero-Day That Compromised Millions Before a Patch Existed

Critical Sitecore XP Flaw Allows Unauthenticated Remote Code Execution! (PoC Available)

2 min read

• Security

Critical Sitecore XP Flaw Allows Unauthenticated Remote Code Execution! (PoC Available)

Do Son June 19, 2025

A vulnerability discovered within one of the world’s most widely used enterprise-grade CMS platforms, Sitecore Experience Platform...

Read More Read more about Critical Sitecore XP Flaw Allows Unauthenticated Remote Code Execution! (PoC Available)

Critical Cisco IOS XE Flaw (CVE-2025-20188): Unauthenticated RCE Risk Exposed

3 min read

• Security

Critical Cisco IOS XE Flaw (CVE-2025-20188): Unauthenticated RCE Risk Exposed

Do Son June 3, 2025

The technical details of one of the most perilous vulnerabilities of 2025—CVE-2025-20188—have now been made publicly available....

Read More Read more about Critical Cisco IOS XE Flaw (CVE-2025-20188): Unauthenticated RCE Risk Exposed

Critical 0-Days (CVSS 10): Versa Concerto Flaws Risk Full System Compromise

2 min read

• Security

Critical 0-Days (CVSS 10): Versa Concerto Flaws Risk Full System Compromise

Do Son May 28, 2025

Three zero-day vulnerabilities have been discovered within the networks of major telecommunications companies with direct exposure to...

Read More Read more about Critical 0-Days (CVSS 10): Versa Concerto Flaws Risk Full System Compromise

Critical (CVSS 9.9): Samlify Flaw Allows Unauthenticated SSO Bypass

2 min read

• Security

Critical (CVSS 9.9): Samlify Flaw Allows Unauthenticated SSO Bypass

Do Son May 23, 2025

A critical vulnerability has been discovered in Samlify, a library designed to integrate SAML authentication into Node.js...

Read More Read more about Critical (CVSS 9.9): Samlify Flaw Allows Unauthenticated SSO Bypass

Double SAP Trouble: Two Critical Flaws Unleash Widespread Attacks

2 min read

• Security

Double SAP Trouble: Two Critical Flaws Unleash Widespread Attacks

Do Son May 15, 2025

The attacks targeting SAP NetWeaver servers, initially believed to stem from the exploitation of a single zero-day...

Read More Read more about Double SAP Trouble: Two Critical Flaws Unleash Widespread Attacks

Critical OttoKit Vulnerability Exploited: Hackers Gain Admin Control of WordPress Sites

2 min read

• Security

Critical OttoKit Vulnerability Exploited: Hackers Gain Admin Control of WordPress Sites

Do Son April 12, 2025

Hackers have begun exploiting a critical vulnerability in the widely used WordPress plugin OttoKit (formerly known as...

Read More Read more about Critical OttoKit Vulnerability Exploited: Hackers Gain Admin Control of WordPress Sites

Critical CrushFTP Vulnerability (CVE-2025-31161) Exploited, Added to CISA KEV Catalog

2 min read

• Security

Critical CrushFTP Vulnerability (CVE-2025-31161) Exploited, Added to CISA KEV Catalog

Do Son April 10, 2025

A critical vulnerability in the CrushFTP product, actively exploited by malicious actors, has now been added to...

Read More Read more about Critical CrushFTP Vulnerability (CVE-2025-31161) Exploited, Added to CISA KEV Catalog