CSOonline

SSRF attacks explained and how to defend against them

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request that should have otherwise been made ...
Threat Post

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. A server-side ...
Dark Reading

Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services

Microsoft has fixed vulnerabilities in four separate services of its Azure cloud platform, two of which could have allowed attackers to perform a server-side request forgery (SSRF) attack — and thus ...
Security Boulevard

Attackers Probing Popular LLMs Looking for Access to APIs: Report

Security researchers with GreyNoise say they've detected a campaign in which the threat actors are targeting more than 70 popular AI LLM models in a likely reconnaissance mission that will feed into ...

Hackers target misconfigured proxies to access paid LLM services

Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large ...
Computer Weekly

SSRF attacks hit 100,000 businesses globally since November

Security teams are warned to be on the lookout for a growing wave of opportunistic and largely untargeted cyber attacks exploiting two related exploit chains to target Microsoft Exchange servers. This ...
CSOonline

Commvault warns of critical Command Center flaw

Commvault is warning customers of a critical vulnerability affecting Command Center, a web-based management console for its data protection and backup offerings. The flaw, tracked as CV-2025-34028, ...