-
Zafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across industries, averaging 700,000 PyPI downloads monthly. …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical code injection vulnerability in the popular Node.js binary-parser library exposes applications to arbitrary JavaScript execution. CERT/CC published Vulnerability Note VU#102648 on January 20, 2026, assigning it CVE-2026-1245. The flaw affect…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors actively exploit critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO authentication on firewalls and proxies. These flaws allow unauthenticated attackers to craft malicious SAML messages, gaining a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cisco has warned customers of a critical zero-day vulnerability affecting several of its Unified Communications products, including Cisco Unified Communications Manager (Unified CM), Unified Communications Manager Session Management Edition (Unified CM…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated ClickFix campaign targeting Facebook users has been identified, leveraging social engineering to extract live session credentials directly from victims’ browsers. Unlike traditional phishing exploits that rely on software vulnerab…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries. The fraudulent package employs so…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated multi-stage malware campaign targeting Russian users, leveraging social engineering, legitimate cloud services, and native Windows functionality to achieve full system compromise without exploiting vulnerabilities. The campaign begins w…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new Android malware family dubbed “Android.Phantom” that leverages artificial intelligence to automate ad-clicking fraud while establishing a persistent command-and-control infrastructure through dual-mode operation. The mal…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated evolution of the ClearFake malware campaign has emerged, deploying advanced evasion techniques that abuse legitimate Windows components to bypass endpoint detection systems. The operation, which has compromised hundreds of websites sinc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
LockBit 5.0 affiliate panel provide unprecedented visibility into the infrastructure of one of the world’s most notorious ransomware-as-a-service (RaaS) operations. Following the high-profile Operation Cronos disruption, security researchers have…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
