-
A critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploitin…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new string injection vulnerability, tracked as CVE-2026-3008, has been discovered in Notepad++ version 8.9.3. This critical flaw allows attackers to crash the application or to instantly and secretly extract sensitive memory information. The Cybersec…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenClaw, a rapidly adopted open-source autonomous AI agent framework, has released critical security updates to address three moderate-severity vulnerabilities. Found in npm package versions before 2026.4.20, these complex flaws expose systems to seve…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has rolled out urgent security updates for its Gemini CLI and the accompanying GitHub Action to address a critical vulnerability. Tracked as GHSA-wpqr-6v78-jr5g, this flaw exposes continuous integration and continuous deployment (CI/CD) pipeline…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Tenable has disclosed a high-severity security vulnerability in its Nessus Agent software for Windows that could allow attackers to execute malicious code with full SYSTEM-level privileges. The flaw, tracked as CVE-2026-33694, has been patched in the n…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A recently discovered application called Vibing.exe has raised major privacy and security alarms after researchers caught it stealthily recording user screens and audio. Originally available on the Microsoft Store as an AI productivity interface, the a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industria…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A state-sponsored threat actor known as UAT-4356 is actively exploiting known vulnerabilities in Cisco Firepower devices to deploy a sophisticated custom backdoor. UAT-4356 exploited two n-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362m affecti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been identified in Hangzhou Xiongmai Technology’s XM530 IP Cameras, putting countless commercial facilities at risk. This severe flaw allows remote attackers to bypass authentication protocols and access sens…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
