


GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be...
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. “UAT-6382 successfully exploited CVE-2025-0944,...
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). “The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced...