-
Windows systems are once again exposed to NTLM credential leakage through a newly observed abuse of the search, URI handler, a vulnerability class closely mirroring the previously patched CVE-2026-33829 in the Snipping Tool. Windows Search URI Handler …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high-severity vulnerability in the Laravel framework could allow attackers to manipulate outbound email processing, potentially leading to unauthorized message delivery, data exposure, or the abuse of mail relays. The issue, tracked as CVE-2026-48019…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed vulnerability in GitHub’s browser-based editor, GitHub.dev, allows attackers to steal powerful OAuth tokens with just a single click, giving them read and write access to private repositories. The flaw exploits how Visual Studio Code …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fake ChatGPT desktop app ads pushed password-stealing malware by abusing trusted AI links, hiding from scanners, and tricking users into downloads.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hackers abused Meta’s AI support bot to hijack major Instagram accounts, bypassing security checks as videos showed the flaw before Meta fixed the issue.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in KMW CCTV security cameras could allow attackers to gain full, unauthorised access to live surveillance feeds and device settings, raising serious concerns for organisations that rely on these systems in sensitive en…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical supply chain vulnerability in Anthropic’s Claude Code GitHub Actions workflow has been disclosed, exposing thousands of repositories to potential full compromise through a single malicious GitHub issue. Security researcher Ryota K from GMO F…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert warning that threat actors are actively exploiting a critical vulnerability in Palo Alto Networks PAN-OS, tracked as CVE-2026-0257. The flaw, categorized as an …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle WebLogic Server vulnerability, tracked as CVE-2024-21182, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively exploited in …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has disclosed a critical Android zero-day vulnerability that is reportedly being actively exploited in targeted attacks, raising serious concerns about the risk of large-scale device compromise. The issue, tracked as CVE-2025-48595, was highligh…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
