Security Boulevard

When Proxies Become the Attack Vectors in Web Architectures

Many Reverse proxy attack vectors expose a flawed assumption in modern web architectures that backends can blindly trust security-critical headers from upstream reverse proxies. This assumption breaks ...
The Hacker News

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

SAP patches two critical flaws (CVSS 9.8, 9.1) affecting FS-QUO and NetWeaver, preventing remote code execution risks in enterprise systems.
Security Boulevard

When Proxies Become Attack Vectors Through Header Injection

This assumption breaks down because HTTP RFC flexibility allows different servers to interpret the same header field in fundamentally different ways, creating exploitable gaps that attackers are ...

Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...
The New York Times

DOGE Employees Shared Social Security Data, Court Filing Shows

Employees detailed to the Social Security Administration shared sensitive data through a nonsecure server, the Justice Department disclosed. By Eileen Sullivan Reporting from Washington Employees with ...
CNN

DOGE shared Social Security data to unauthorized server, according to court filing

A Department of Government Efficiency employee shared Social Security data without agency officials’ knowledge and in violation of security protocols, the Justice Department said in a court filing ...
CSOonline

Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix

Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy classes also accept non-HTTP URLs, a behavior developers are responsible to ...
Dark Reading

Apache Issues Max-Severity Tika CVE After Patch Miss

The Apache Software Foundation (ASF) has issued a new CVE identifier for a critical security flaw in Apache Tika because its original vulnerability disclosure failed to capture the full extent of ...
Hosted on MSN

Microsoft issues emergency Windows server security patch - update now or risk attack

Microsoft issues emergency patch for a critical WSUS flaw enabling remote code execution CVE-2025-59287 allows unauthenticated attackers to gain SYSTEM privileges without user interaction An ...
Infosecurity-magazine.com

Malicious AI Agent Server Reportedly Steals Emails

A popular Model Context Protocol (MCP) server used to deploy AI agents has turned malicious in one of its latest updates, according to Koi Security. This engine, called Postmark MCP Server, has ...