Security Boulevard

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API ...
The Hacker News

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting ...
SecurityWeek

Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks

Microsoft announced that the preview feature is now disabled in Windows’s File Explorer for files downloaded from the ...
HealthcareInfoSecurity

Hackers Exploit LFI Flaw in File-Sharing Platforms

Hackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and ...

Experts warn Gladinet file sharing tool flaw prompts dangerous cyberattacks - and there's no patch

The flaw is described as an “unauthenticated local file inclusion vulnerability that allows threat actors to retrieve machine ...
The Hacker News

PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign

Researchers detail PolarEdge TLS ELF backdoor targeting Cisco, ASUS, QNAP and Synology routers; config obfuscated with XOR ...
XDA Developers on MSN

This Docker app gives you a full-fledged file manager over SSH

I f you've spent a serious amount of time managing servers, SSH is basically an essential tool. You know the drill. SSH into ...

Gladinet fixes actively exploited zero-day in file-sharing software

Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability ...
SecurityWeek

Gladinet Patches Exploited CentreStack Vulnerability

Gladinet this week released patches for a CentreStack vulnerability that has been exploited in the wild since at least late September.
CSO Online

October 2025 Patch Tuesday: Holes in Windows Server Update Service and an ancient modem driver

Admins are urged to immediately patch actively exploited vulnerabilities, including those in the legacy Agere modem driver in ...

Attackers Weaponizing Unpatched SharePoint Zero-Days: Total Takeover Without Logging In

Cybersecurity today requires more than access control—it demands continuous validation, proactive monitoring and rapid ...

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws

Today is Microsoft' 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day vulnerabilities. Get patching!