CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...

A critical security weakness in Atlassian Bamboo Data Center and Server has exposed a fresh risk for organisations that rely on automated software build and deployment systems, after Atlassian ...

Progress has released patches for multiple remote code execution and OS command injection flaws in MOVEit WAF and LoadMaster.

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. An autonomous agent found, analyzed and exploited a FreeBSD kernel vulnerability in four ...

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...

Cisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be chained to cause a denial-of-service outage, infrastructure security company ...