Cybersecurity
Vercel Breach Exposes Dangers of OAuth Integration Risk
A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach shows a compromised OAuth app can lea
#vulnerability
47 articles
Cybersecurity
GitHub Patches Critical RCE Vulnerability Affecting Private Repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private re
Cybersecurity
LMDeploy Vulnerability Exploited Within Hours of Release
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild l
Cybersecurity
Critical LiteLLM Vulnerability Exploited in Active Attacks
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked
Cybersecurity
Microsoft Releases Emergency Patch for Critical ASP.NET Core Flaw
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerab
Cybersecurity
Critical Terrarium Sandbox Flaw Allows Root Code Execution
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability
Science & Tech
Microsoft Releases Emergency Patch for ASP.NET Flaw on macOS and Linux
When authentication fails, things can go very, very wrong.
Cybersecurity
Google Fixes Critical Prompt Injection Flaw in Antigravity IDE
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to
Cybersecurity
Attackers Exploit Trusted Tools to Breach Systems
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefl
Cybersecurity
Critical Design Flaw in Model Context Protocol Risks AI Supply Chain
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote
Science & Tech
Firefox 150 Audit Reveals 271 Security Flaws Using AI
CTO says new AI model is "every bit as capable" as world's best security researchers.
Cybersecurity
Critical Linux Vulnerability Allows Unauthorized Root Access
A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain roo
Science & Tech
Express Fashion Retailer Exposed Customer Data Online
Retail giant Express was publicly spilling customer information to the open web. The bug is now fixed after TechCrunch alerted Express, but the company would no
Cybersecurity
Nexcorium Mirai Variant Targets DVRs in Growing Botnet Campaign
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, accor
Cybersecurity
Microsoft Defender Zero-Days Under Active Attack
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised s
Cybersecurity
Critical WordPress Plugin Flaw Exposes Sites to File Upload Attacks
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without au
Cybersecurity
Checkmarx KICS Tool Compromised in Supply Chain Attack
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environment
Cybersecurity
Banking Sessions Hijacked: Taboola's Hidden Redirect to Temu
A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s know
Cybersecurity
CISA Orders Federal Agencies to Patch Critical Microsoft Defender Flaw
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks.
Cybersecurity
Critical nginx-ui Flaw Under Active Attack
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the
Cybersecurity
Critical Composer Flaws Allow Arbitrary Code Execution
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could res
Cybersecurity
1,300+ Microsoft SharePoint Servers at Risk From Spoofing Flaw
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abu
Science & Tech
Anthropic's Mythos AI Model Raises Security Concerns
Cyberdefenses could be exposed faster than fixes could be deployed.
Cybersecurity
Microsoft Issues Emergency Patches for Critical ASP.NET Core Flaw
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. [...]
Cybersecurity
Critical ShowDoc Flaw Under Active Attack
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation i
Cybersecurity
CISA Issues Urgent Warning on SD-WAN Flaw Under Active Attack
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploite
Cybersecurity
6,400 Apache ActiveMQ Servers Under Active Attack
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-se
Cybersecurity
Security Threats Surge: Legacy Flaws Meet Modern Attack Methods
Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilitie
Cybersecurity
Critical Protobuf.js Flaw Exposes JavaScript Apps to Remote Code Execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's P
Science & Tech
Adobe Patches Critical PDF Vulnerability Exploited Since November
It's not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were targeting victims since at least Novem
Cybersecurity
CISA Alerts on Active Exploitation of Apache ActiveMQ Flaw
CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13
Cybersecurity
Windows Zero-Days Under Active Exploitation
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions.
Cybersecurity
Critical Marimo Flaw Exploited to Deploy NKAbuse Malware
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [..
Cybersecurity
Critical Flowise Flaw Exploited; 12K+ AI Instances at Risk
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from V
Cybersecurity
Critical Nginx UI Flaw Exploited for Server Takeover
A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authenticatio
Cybersecurity
Docker Engine Flaw Exposes Critical Authorization Bypass Risk
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under spec
Cybersecurity
Major Tech Firms Rush to Patch Record Security Bugs
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vul
Cybersecurity
Microsoft Rewards Security Researchers With $2.3M
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest. [...]
Cybersecurity
Critical Windows Task Host Flaw Under Active Attack
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain S
Cybersecurity
China-Linked Hackers Exploit Zero-Days to Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilitie
Cybersecurity
Microsoft Patches 167 Vulnerabilities in April Security Update
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a Shar
Cybersecurity
Microsoft Patches 167 Vulnerabilities in April 2026 Update
Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. [...]
Cybersecurity
Critical wolfSSL Vulnerability Allows Forged Digital Certificates
A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic C
Cybersecurity
Adobe Patches Critical Acrobat Reader Zero-Day Flaw
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attack
Cybersecurity
Adobe Reader Zero-Day Actively Exploited via Malicious PDFs
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December&n
Cybersecurity
Marimo Python Notebook Tool Hit by Active RCE Exploit
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. [...]
Cybersecurity
Adobe Reader Zero-Day Under Active Exploit Since December
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]