Security Boulevard

Top CVEs of December 2025

December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...
CSO Online

Open WebUI bug turns ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...
New Scientist

Passwords will be on the way out in 2026 as passkeys take over

The curse of having to remember easily hackable passwords may soon be over, as a new alternative is set to take over in 2026 ...

These 3 Passwords Can Get You Hacked: Michael, Football And Superman

Spiderman is already a hacker favourite, used in a phishing attack framework that’s hired out to cybercriminals. However, it ...
CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...
SecurityWeek

Critical Vulnerability Patched in jsPDF

A jsPDF vulnerability tracked as CVE-2025-68428 could allow attackers to read arbitrary files, exposing configurations and ...

Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack

Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is ...
The Hacker News

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...
CoinJournal

Fake MetaMask 2FA phishing scam uses polished design to steal wallet seed phrases

MetaMask users are facing a renewed phishing threat as attackers deploy realistic two-factor authentication flows.