Welcome to Gatlab Security Blog
CVE digests, threat intelligence, security tutorials, and research from PT Global Adicita Teknologi. Everything you need to stay ahead of attackers.
Security research, vulnerability advisories, and threat analysis from the Gatlab Security Team.
Top CRITICAL & HIGH CVEs this week: CVE-2026-6643, CVE-2026-6644, CVE-2026-5963 and more.
CISA's annual list of most exploited vulnerabilities reveals attackers are consistently targeting known flaws in perimeter devices, VPNs, and web applications. Here's what you need to know.
Gatlab Security Advisory: Cisco IOS XE management interface vulnerabilities allow unauthenticated attackers to create privileged accounts. Over 50,000 devices remain unpatched and internet-exposed.
Russia's APT29 (Cozy Bear) is conducting a sophisticated spear-phishing campaign against European embassies using wine-tasting event lures and a new malware loader called WINELOADER.
A stack-based buffer overflow in Ivanti Connect Secure allows unauthenticated remote code execution. CISA confirms active exploitation in the wild. Patch immediately.
Step-by-step guide to deploying Wazuh — the open-source SIEM and XDR platform — on a single server, enrolling agents, and writing your first detection rules.
A use-after-free vulnerability in Apple's Core Media framework allows a malicious application to elevate privileges. Apple confirms active exploitation against iOS versions prior to 17.2.
A technical research breakdown of how memory corruption vulnerabilities in browsers are discovered, exploited, and chained to achieve full system compromise in modern web browsers.
A healthcare provider suffered a massive data breach affecting 10 million patients after attackers exploited an unpatched Ivanti VPN vulnerability. HIPAA violations expected, $50M+ in fines projected.
Multiple critical vulnerabilities in popular WordPress plugins are being mass-exploited by automated bots. Sites running LiteSpeed Cache, Elementor Pro, and WP Fastest Cache should update immediately.
A comprehensive technical analysis of the BlackCat/ALPHV ransomware-as-a-service operation, including TTPs, encryption mechanisms, and effective defensive countermeasures.
A hands-on introduction to Burp Suite Community Edition — setting up your proxy, intercepting requests, using Repeater, and finding your first web vulnerability.
A deep technical analysis of the XZ Utils backdoor (CVE-2024-3094) — how a sophisticated 2-year social engineering campaign nearly compromised most Linux systems globally.
Indonesia's national cybersecurity agency BSSN is conducting its largest-ever cyber drill involving 300+ government agencies and critical infrastructure operators. Preparation guide and key dates inside.
An authentication bypass vulnerability in Fortinet FortiOS management interface allows attackers to gain super-admin privileges. Over 15,000 firewalls confirmed compromised globally.
Critical unauthenticated remote code execution vulnerabilities in VMware vCenter Server are being exploited by ransomware groups to compromise entire virtualized infrastructures.
Learn to write effective YARA rules from scratch — from basic string matching to advanced conditions, byte patterns, and PE module usage for detecting malware families.
North Korea's Lazarus Group executed the largest cryptocurrency theft in history by compromising a developer's machine via a fake job interview. We break down the full attack chain.
Research findings on how threat actors leverage large language models to generate hyper-personalized phishing emails, bypass spam filters, and scale spear-phishing attacks previously requiring manual effort.
A command injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect gateway enables unauthenticated remote code execution. CISA confirms active exploitation by state-sponsored actors.
A critical zero-click vulnerability in Windows OLE allows remote code execution simply by previewing a malicious email in Outlook. No user interaction required.
Master Wireshark for security analysis — capture filters, display filters, following streams, detecting port scans, and identifying C2 traffic in network captures.
Chinese APT Salt Typhoon breached at least 9 major US telecommunications providers, accessing wiretap systems and senior officials' communications. A deep dive into the TTPs and geopolitical implications.
A technical examination of how attackers use DNS as a covert command-and-control channel, the encoding techniques employed, and proven detection methods for defenders.
The EU's NIS2 Directive entered full enforcement in 2025 with penalties of up to €10M or 2% of global revenue. We break down who's covered, what's required, and how to comply.
CVE-2024-6387 (regreSSHion) is a race condition in OpenSSH's signal handler that allows unauthenticated remote code execution as root. Affects 14 million internet-exposed servers.
CISA, NSA, and FBI jointly warn that Volt Typhoon has maintained persistent access to US critical infrastructure for 5+ years, pre-positioning for potential disruption during geopolitical conflict.
Everything you need to build a professional-grade security home lab for under $0 — using free virtualization, vulnerable VMs, and open-source security tools to practice real-world skills.
A practical guide to IoT firmware analysis — extracting firmware, emulating with QEMU, finding hardcoded credentials, and identifying vulnerable services using open-source tools.