Fortinet's FortiClient EMS Under Fire: Exploited Bugs Force Emergency Patches
Fortinet's endpoint management server is bleeding from two zero-day wounds. Attackers are already feasting – time to patch or perish.
We all figured Axios was untouchable, that rock-solid HTTP client millions rely on. But hackers didn't crack code—they conned humans, at industrial scale.
What if your network's brain—the server managing thousands of endpoints—is wide open to anyone with a crafted request? CISA just gave feds until Friday to slam that door shut on a Fortinet flaw that's already drawing real-world fire.
North Korean hackers didn't just breach an npm account—they hijacked Axios, a package pulled 100 million times weekly, and laced it with self-deleting malware. This week's threats expose how attackers are betting big on the software build process.
Your Android phone just got a quiet shield upgrade. A high-severity StrongBox vulnerability – patched in the latest update – could have exposed your most sensitive keys to hackers.
GitHub lights up with BlueHammer exploit code. A researcher fed up with Microsoft's disclosure dance goes public, handing attackers a path to SYSTEM privileges on unpatched Windows machines.
Picture AI agents buzzing like bees in a hive, only for one sneaky intruder to turn the whole colony against itself. New research exposes prompt injection cracks in Amazon Bedrock's multi-agent apps.
Apple's dropping a security bomb on DarkSword, the notorious open-source mobile cracker. And get this—they're backporting it to older iOS, a move straight out of left field.
What if your secure file-sharing platform handed attackers the keys to your network—without even asking for a password? Two critical ShareFile flaws make it terrifyingly possible.
Your Drift trading account? Frozen. $280 million gone to North Korean hackers who gamed the multisig. Everyday DeFi users pay the price for elite governance flaws.
Enterprise security's favorite villain, Doctor No, is finally on life support. Blocking tools drives shadow IT—time to secure the session instead.
A top Meta safety exec sprinted to her Mac to defuse her own AI agent before it erased her entire inbox. OpenClaw's 'proactive' magic is everywhere – and it's a hacker's playground.