Security researchers at JFrog uncovered three critical zero-day flaws in PickleScan, a key tool for detecting malware in Python pickle-based machine learning models, such as those in PyTorch.
These issues let attackers slip past scans and run harmful code when users load tainted models...
Security researchers have released React Server Components Surface Exposure Scanner, a free tool to detect exposed endpoints vulnerable to CVE-2025-55182.
This critical remote code execution (RCE) flaw in React Server Components (RSC) affects Next.js apps using React 19.
With a perfect CVSS score of...
Security researcher Lucas Laise from Quarkslab discovered a serious privilege escalation vulnerability in K7 Ultimate Security, an antivirus software from K7 Computing.
Low-privileged users can exploit permissive named pipes to modify registry keys and execute code as SYSTEM without prompting for User Account Control...
A critical remote code execution flaw, tracked as CVE-2025-55182 and dubbed React2Shell, affects React Server Components in the React 19 ecosystem and popular frameworks like Next.js.
Attackers can exploit it via unauthenticated HTTP requests to execute arbitrary code on servers, rated at CVSS 10.0...
Since 2017, attackers have abused CVE-2025-9491, a flaw in how Windows displays shortcut file properties, to hide malicious commands in .LNK files in real-world campaigns.
This issue, tracked as ZDI-25-148 or ZDI-CAN-25373, allows threat actors to craft shortcuts that appear benign when users check their...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert for a remote code execution (RCE) vulnerability in Industrial Video & Control's Longwatch software.
Released on December 2, 2025, as ICSA-25-336-01, the flaw affects video surveillance and monitoring systems used in...