A critical security vulnerability in Google's Gemini CLI tool allowed attackers to execute malicious commands on developers' systems without detection, potentially exposing sensitive credentials and compromising entire development environments.
The vulnerability, discovered by cybersecurity firm Tracebit just two days after the tool's release, has...
A critical security vulnerability has been discovered in CodeIgniter4's ImageMagick handler that could allow attackers to execute arbitrary commands on web servers through malicious file uploads and text processing operations.
The vulnerability, identified as CVE-2025-54418 with a maximum CVSS score of 9.8, affects all...
A critical macOS vulnerability enables attackers to steal sensitive private data normally protected by Apple's Transparency, Consent, and Control (TCC) framework.
The vulnerability, dubbed "Sploitlight," exploits Spotlight plugins to access protected files including those in the Downloads folder and Apple Intelligence caches containing...
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, warning that the vulnerability is being actively exploited in the wild.
The vulnerability, tracked as CVE-2023-2533, represents a...
A critical security vulnerability in the popular Post SMTP WordPress plugin has left over 400,000 websites exposed to potential account takeover attacks, allowing even the lowest-privileged users to gain administrator access and achieve full site control.
The vulnerability, tracked as CVE-2025-24000, stems from broken...
Amazon Web Services has addressed a critical security vulnerability in its Client VPN software for Windows that could allow attackers to escalate privileges during the installation process.
The vulnerability, designated CVE-2025-8069, affects multiple versions of the popular remote access solution and has prompted AWS...