A new study reveals that 71% of SOCs report little to no value from AI despite massive adoption growth across all categories of security AI tools.
The Miasma worm has compromised 73 Microsoft GitHub repositories across four organizations, with attackers exploiting previously compromised credentials to spread…
Threat actors are actively exploiting a critical vulnerability in the Everest Forms Pro WordPress plugin to inject arbitrary PHP code…
The critical Edge vulnerability exploits a path validation defect in feedback log processing, enabling code execution through compromised webpages or…
A Microsoft 365 service glitch caused a caching failure that made managed Windows devices appear unenrolled, allowing automatic driver installations…
Attackers are using cloned websites for Ghidra, dnSpy, and SpiderFoot to funnel security researchers through a traffic filtering system that…
A new China linked threat group called OP-512 is using three custom web shells with timestamp manipulation to compromise Microsoft…
A coordinated phishing campaign using over 300 cloned FIFA sites is targeting fans ahead of the 2026 World Cup, aiming…
Cisco warns that a high severity command injection flaw in Catalyst SD WAN Manager is under active exploitation, with no…
An autonomous AI agent found 21 previously undetected flaws in the FFmpeg media library, including a bug that had remained…
A newly patched SharePoint vulnerability lets authenticated users with basic permissions execute code remotely on servers, prompting Microsoft to push fixes across multiple product versions.
The new MTC design replaces bulky serialized certificate chains with compact tree proofs to avoid performance degradation in TLS handshakes.
A CRLF injection flaw in Laravel lets attackers alter outbound emails by injecting control characters into user supplied addresses, with…
A new exploit in the widely used Transformers library lets attackers execute code by uploading malicious model files that appear…
An unauthorized cryptominer was distributed to some Hola Browser for Windows users through a compromised update pipeline discovered during routine certification testing.
A permission bypass in the Claude Code GitHub Action let attackers inject malicious prompts through GitHub issues to steal repository secrets.
ESET discovered the Asin Android spyware targeting Arabic speakers through fake government news sites, PDF editors, and war map applications promoted on social media.
Government agencies warn that hackers are exploiting vulnerabilities in internet connected fuel tank monitoring systems to alter settings and disable safety alerts.
HexStrike v6.0 turns Claude and GPT into autonomous red team operators with 127 tools and a multilayered antivirus evasion engine…
Dashlane confirms attackers brute-forced 2FA tokens to download encrypted password vaults from fewer than 20 users, but encrypted data remains…
Researchers found that basic obfuscation and packaging tricks can defeat AI skill detection systems from ClawHub, Cisco, and Vercel, enabling…
A critical API flaw on a bank's third party mortgage portal exposed data for all institutions on the platform, revealing…
Attackers accessed a UN food agency's registration system in mid-May, stealing sensitive personal information from hundreds of thousands of Palestinian…
A popular underground forum tutorial is teaching novice hackers a complete workflow for scanning, exploiting, and monetizing software vulnerabilities using…
