Today marks Microsoft’s Patch Tuesday for May 2025, addressing a total of 78 vulnerabilities. Among these, a few are actively being exploited. Most require the attacker to have local access, but one can be executed remotely if the attacker tricks…

Several years ago, a security researcher discovered a vulnerability in Google Chrome that allowed fake domains to bypass the browser's security measures. The researcher registered a domain that appeared as "xn--80ak6aa92e.com" but displayed as "apple.com" in the browser, demonstrating how…

The concept of responsible disclosure is a simple one. If you find a vulnerability, you let the affected organization or software vendor know before making the information public. This gives them time to patch the vulnerability before it can be…

Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. The vulnerability has a CVSSv3.1 score of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). We reached out to MITRE for a CVE on 13th March 2025 and were within an agreed…