A serious command injection vulnerability in Cacti, a popular open-source network monitoring tool, allows authenticated attackers to execute arbitrary commands…
Security firm Aikido Security uncovered PromptPwnd, a flaw in GitHub Actions and GitLab CI/CD pipelines linked to AI agents. This…
Security researcher Lyra Rebane has uncovered a powerful new clickjacking technique using SVG filters. This method, dubbed "SVG clickjacking," overlays…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-26828 to its Known Exploited Vulnerabilities (KEV) catalog on December 3,…
Security researchers chained three vulnerabilities in Synology BeeStation devices to enable unauthenticated attackers to remotely gain root access. Demonstrated initially…
Security researchers at JFrog uncovered three critical zero-day flaws in PickleScan, a key tool for detecting malware in Python pickle-based…
Kohler Health launched Dekoda in October 2025, a $600 device (plus a monthly subscription) that clips onto your toilet rim.…
Security researcher Lucas Laise from Quarkslab discovered a serious privilege escalation vulnerability in K7 Ultimate Security, an antivirus product from…
A critical remote code execution flaw, tracked as CVE-2025-55182 and dubbed React2Shell, affects React Server Components in the React 19…
Since 2017, attackers have abused CVE-2025-9491, a flaw in how Windows displays shortcut file properties, to hide malicious commands in…