SAP Patches Critical S/4HANA, Commerce Vulnerabilities
The flaws could allow attackers to inject malicious code, leading to information disclosure and code execution.

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
A large-scale software supply-chain attack involving the "Shai-Hulud" malware has compromised hundreds of packages across open-source software ecosystems. [...]...

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security.

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem....

Claude’s Chrome Extension Vulnerability Allows Malicious Extensions to Steal Gmail and Drive Data
Researchers have exposed a catastrophic vulnerability hiding inside the “Claude in Chrome” extension. By weaponizing an otherwise harmless, zero-per...

Critical PHP SOAP Extension Vulnerabilities Enables Remote Code Execution Attacks
A serious cluster of vulnerabilities has been uncovered in PHP’s core string processing and ext-soap components, putting numerous web servers at immediate...

TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack
A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the i...

PoC Exploit Released for Android Zero-Click Vulnerability that Enables Remote Shell Access
In a chilling blow to mobile security, Google’s May 2026 Android Security Bulletin has unmasked a catastrophic zero-click vulnerability lurking within the...

PoC Exploit Released for Android 0-Click Vulnerability that Enables Remote Shell Access
Google’s May 2026 Android Security Bulletin has revealed a critical zero-click vulnerability in the core Android System. The CVE-2026-0073 flaw in Android...

OpenAI Daybreak Automates Vulnerability Detection and Fixing
OpenAI has introduced Daybreak, a strategic initiative to change how modern software is built and defended against emerging threats. Moving away from traditiona...

OpenAI Daybreak Automates Detects and Fix Vulnerabilities Automatically
OpenAI has introduced Daybreak, a strategic initiative to change how modern software is built and defended against emerging threats. Moving away from traditiona...

New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks Within 5 Minutes
A new tool, BitUnlocker, reveals a practical downgrade attack against Microsoft’s BitLocker encryption, allowing attackers with physical access to decrypt...

New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes
A new tool, BitUnlocker, reveals a practical downgrade attack against Microsoft’s BitLocker encryption, allowing attackers with physical access to decrypt...

Hackers Abuse CVE-2026-41940 to Take Over cPanel and WHM Servers
A fatal authentication bypass vulnerability is actively affecting cPanel and WebHost Manager (WHM) servers worldwide. Tracked as CVE-2026-41940 and bearing an a...

California hits GM with record $12.75M fine for selling driver location data
California Attorney General Rob Bonta and a coalition of state prosecutors have secured a $12.75 million settlement with General Motors over the automaker’s col...

Google says cybercriminals used AI to develop zero-day exploit
Google Threat Intelligence Group (GTIG) says it has identified what it believes is the first known case of cybercriminals using artificial intelligence to help ...

Google Warns of Hackers Using AI to Create Working Zero-Day Exploit
Google Threat Intelligence Group recently published an alarming report detailing the rapid industrialization of generative artificial intelligence in adversaria...

Instructure confirms hackers used Canvas flaw to deface portals
Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message...

Hackers Use Fake DeepSeek TUI GitHub Repositories to Deliver Malware
Hackers are once again targeting developers and AI enthusiasts by impersonating popular open-source tools on GitHub. This time, the target is DeepSeek TUI, a le...

'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation....