§Topic · CVE & Vulnerabilities
CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatches
Loading
§Topic · CVE & Vulnerabilities
Newly disclosed CVEs, actively exploited vulnerabilities, and critical patches you need to apply now.
All dispatchesGhostcommit conceals prompt-injection payloads inside PNG images to bypass AI code reviewers and exfiltrate repo secrets.
Google's Chrome 150 fixes 27 vulnerabilities, including 13 use-after-free bugs and two critical flaws.
AI Now Institute's 'Friendly Fire' shows autonomous AI coding agents can be tricked into executing attacker code during self-approved scans.
Wiz-discovered GhostApproval symlink flaw lets six AI coding assistants run attacker-controlled code by tricking file approvals.
Threat group O UNC 066 uses phone-based phishing to trick employees into registering attacker-controlled Entra passkeys to hijack accounts.
Roundcube 1.7 patches zero-click stored XSS via crafted MIME attachments enabling remote compromise without user interaction.
ACSC warns a global campaign is exploiting CMS vulnerabilities to deploy webshells and persist on small to mid-size websites.
Vulnerabilities in cloud-connected baby monitors and cameras exposed nearly one million devices and private video data.
KDDI data breach exploited a third-party zero-day, affecting roughly 12 million users' email accounts for ISPs.
Researchers detail GodDamn ransomware's use of a signed PoisonX kernel driver to disable security tools and evade detection.
Microsoft released fixes for the RoguePlanet Defender zero-day (CVE-2026-50656), addressing privilege escalation in the Malware Protection Engine.
BeyondTrust disclosed two critical vulnerabilities in Remote Support and Privileged Remote Access that could bypass authentication.
WriteOut session isolation bug in Writer AI could leak session tokens across tenants enabling full account takeover.
China-linked actors used a Roundcube exploit chain to compromise university physics and engineering departments and harvest credentials.
Japanese teen arrested for exploiting a streaming platform flaw to fraudulently cancel over 46,000 subscriptions.
Get these articles delivered to your inbox.
Subscribe free