Critical flaw in wolfSSL library enables forged certificate use

A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm ...

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
CNET

Surfshark Just Dropped a Next-Gen VPN Protocol That Could Be Faster and More Secure Than Other VPN Connections

The new Dausos connection protocol has been independently audited and includes a few key innovations not found in other VPNs.

Hackers meet their match: New DNA encryption protects engineered cells from within

Engineered cells are a high-value genetic asset that is key to many fields, including biotechnology, medicine, aging, and ...

Google Is Now Rolling Out End-to-End Encryption for (Some) Gmail Users

Gmail is one of—if not the—most popular email platform in the world. But it's not the favorite for users who care about their ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.