Security researcher Lyra Rebane has uncovered a powerful new clickjacking technique using SVG filters.
This method, dubbed "SVG clickjacking," overlays interactive fake interfaces on cross-origin iframes to trick users into performing complex actions, such as filling out forms or entering data.
Traditional clickjacking hides buttons...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-26828 to its Known Exploited Vulnerabilities (KEV) catalog on December 3, 2025, confirming active exploitation in the wild.
This flaw affects OpenPLC ScadaBR, an open-source supervisory control and data acquisition (SCADA) platform used in industrial...
Security researchers chained three vulnerabilities in Synology BeeStation devices to enable unauthenticated attackers to remotely gain root access.
The chain was initially demonstrated at Pwn2Own 2024 by DEVCORE; independent analyst kiddo-pwn published an N-day exploit highlighting a creative SQLite injection method targeting the cron task scheduler.
Vulnerability Chain
The...
Security researchers at JFrog uncovered three critical zero-day flaws in PickleScan, a key tool for detecting malware in Python pickle-based machine learning models, such as those in PyTorch.
These issues let attackers slip past scans and run harmful code when users load tainted models...
Kohler Health launched Dekoda in October 2025, a $600 device (plus a monthly subscription) that clips onto your toilet rim.
It uses optical sensors and a camera to capture images inside the bowl, analyzing waste to assess gut health, hydration levels, and more.
The...
Security researcher Lucas Laise from Quarkslab discovered a serious privilege escalation vulnerability in K7 Ultimate Security, an antivirus software from K7 Computing.
Low-privileged users can exploit permissive named pipes to modify registry keys and execute code as SYSTEM without a User Account Control prompt....