Friday, April 24, 2026
Vulnerability

Active Exploitation Detected for 7-Zip Remote Code Execution Vulnerability

A critical vulnerability in 7-Zip, tracked as CVE-2025-11001, has raised alarms in the cybersecurity community due to its potential for remote code execution through mishandled symbolic links in ZIP files. This flaw affects all versions of the popular open-source file archiver before 25.00, allowing...

Hackers Can Leverage Default ServiceNow AI Assistant Settings To Carry Out Prompt Injection Attacks

Earlier this year, cybersecurity researcher Aaron Costello uncovered a critical flaw in ServiceNow's Now Assist AI platform that enables hackers to perform second-order prompt-injection attacks. These attacks exploit default settings, allowing malicious actors to trick AI agents into executing unauthorized actions, such as reading...

Security Flaws In Cline AI Coding Agent Enable Prompt Injection, Remote Code Execution, and Data Leakage

AI coding assistants like Cline Bot promise to boost developer productivity. However, recent research reveals serious security gaps that could turn these tools into attack vectors. Security firm Mindgard uncovered four vulnerabilities in the open-source Cline extension during a short audit in August 2025,...

CISA Alerts To Active Exploitation Of Fortinet FortiWeb OS Command Injection Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical OS command injection vulnerability in Fortinet's FortiWeb web application firewall to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, tracked as CVE-2025-58034, allows authenticated attackers to execute arbitrary code on affected systems...

Massive WhatsApp Vulnerability Leaks Phone Numbers Of 3.5 Billion Users

WhatsApp, the world's most popular messaging app with 3.5 billion active users as of early 2025, has been exposed to a major privacy flaw that allowed researchers to scrape phone numbers and profile data on a massive scale. Security experts from the University of...

Multiple Vulnerabilities In End-of-Life Routers Enable Remote Code Execution

D-Link has disclosed four critical vulnerabilities in its DIR-878 router series, which reached end-of-life status over four years ago, allowing attackers to execute remote code without authentication. These flaws affect all hardware revisions and firmware versions worldwide, posing severe risks to users still relying...