Axios NPM Breach: North Korea's Precision Strike on JS Devs
What if your most trusted HTTP client just became a backdoor? The Axios NPM package was compromised this week in a surgical hit, with signs pointing to North Korean actors.
In-depth coverage of the latest Vulnerabilities & CVEs developments, trends, and analysis — curated daily.
Ever wonder why your shiny next-gen firewall lets the first 5KB of hacker traffic sail through? It's not a bug—it's the feature killing your data exfiltration defenses.
Imagine a hacker quietly stealing certificates for your top execs, good for years of backdoor access. CVE-2026-20929 makes it dead simple via DNS tricks—your AD setup's nightmare.
AI coding assistants cranked out 16 billion lines of code in 2023 alone. That's forcing a frantic rethink in application security, says Black Duck's Jason Schmitt.
Your next browser login could hand hackers remote control—without them ever cracking it on your PC. Storm infostealer just upped the ante on credential theft.
Your next PyPI download could hand hackers your cloud keys. TeamPCP's blending supply chain hacks with extortion gangs, turning dev tools into ransomware launchpads.
1,500 engineers inside WhatsApp could peek at your encrypted chats — without a trace. A bombshell lawsuit from the ex-security boss says Meta knew and did nothing.
A practical guide to the vulnerability management lifecycle covering asset discovery, scanning, prioritization, remediation, verification, and program metrics.
Penetration testing systematically probes an organization's defenses to find vulnerabilities before attackers do. Understanding the methodology ensures thorough, consistent, and valuable assessments.
The OWASP Top 10 identifies the most critical security risks facing web applications. Understanding each vulnerability category is essential for developers and security teams.