-
Comment and Control prompt injection vulnerabilities discovered in AI agents, including Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent. The research, spearheaded by Aonan Guan and Johns Hopkins University researchers, h…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have released full technical details and a working proof-of-concept (PoC) exploit for CVE-2025-57738, a high-severity remote code execution (RCE) vulnerability in Apache Syncope, a widely deployed open-source identity management pl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to network defenders regarding the active exploitation of Cisco Catalyst SD-WAN Manager. On April 20, 2026, CISA officially added three distinct security flaws aff…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Over 6,000 internet-facing Apache ActiveMQ servers are currently affected by a critical security flaw, leaving enterprise networks wide open to attack. The Shadowserver Foundation, a prominent nonprofit security research organization, reported finding …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have uncovered a critical vulnerability in SGLang, a widely used framework for running large language models, that allows threat actors to compromise inference servers. Tracked as CVE-2026-5760, this flaw enables Remote Code Execut…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a severe software supply chain compromise affecting the widely used Axios node package manager (npm). Axios is a highly popular JavaScript library that dev…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revealed that a critical flaw exposes sensitive project data, source code, and user credentials for …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical, systemic vulnerability discovered in Anthropic’s Model Context Protocol (MCP) has exposed over 150 million downloads and up to 200,000 servers to complete takeover, according to research published April 15, 2026, by the OX Security Re…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers are actively exploiting a critical vulnerability in TBK digital video recorder (DVR) devices to deploy a new Mirai-based botnet called Nexcorium. The campaign leverages CVE-2024-3721, an OS command injection vulnerability, highlighting how poor…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In the cybersecurity community, we often assume that simply reading a text file using a command like cat is a perfectly safe operation. However, security researchers have recently demonstrated that doing so inside the popular iTerm2 macOS terminal emul…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
