In-depth coverage of the latest Vulnerabilities & CVEs developments, trends, and analysis — curated daily.
Everyone figured AI would supercharge defenders. Anthropic's Mythos Preview flips the script—it's an exploit machine handing hackers a cheat code. Buckle up.
Picture this: your doctor's pulling up your X-ray, and bam — the server crashes from a sneaky hack. Orthanc DICOM vulnerabilities just turned medical imaging into a hacker playground.
Forget shadow AI in SaaS. The real unchecked threat? AI browser extensions lurking in 99% of enterprise browsers, slurping data without a trace. LayerX's report just lit the fuse.
Imagine whispering secrets to Siri, only for hackers to hijack the conversation. New attacks on Apple Intelligence expose your health data and photos to sneaky AI tricks.
Chrome 147 dropped with patches for 60 vulnerabilities, but the real shocker? Two critical WebML holes that netted researchers $86,000. This isn't routine housekeeping—it's a warning about browser ML's fragile underbelly.
Ever wonder why finding bugs got easy, but fixing them? Hell. HackerOne's pausing bounties because AI's flooding the pipe, and no one's paying to unclog it.
Your company's routers just got a wake-up call. Juniper's patching 36 holes in Junos OS that scream 'hack me,' from default passwords to root escalations.
Chaotic Eclipse just unleashed BlueHammer—a Windows zero-day PoC for full system takeover. Microsoft's slow disclosure? It's fueling researcher rage and real risks.
Fake invoices disguised as Russian oil payments have been slipping through defenses, exploiting an unpatched Adobe Reader zero-day since late 2025. Security pros spotted the first traces on VirusTotal, but the real damage? It's already underway.
Anthropic drops Mythos Preview: an AI that roots out zero-days faster than human hackers. Guardrails? Sure. But history screams skepticism.
Picture this: your WordPress site, humming along with Ninja Forms handling uploads securely—or so you thought. A single overlooked check turns it into hacker playground, CVSS 9.8 style.
Hackers didn't blink. Nine hours after Marimo's critical RCE disclosure, they were in — stealing creds from a honeypot. Open-source speed meets attacker hustle.