Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this ...

An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four ...

SAP has released 19 new security notes on its April 2026 security patch day, including one that resolves a critical-severity ...

The US cybersecurity agency added the bug, tracked as CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) catalog on ...

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

CERT-UA links the AgingFly credential-stealing campaign to phishing, browser theft, and modular remote access.

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

CERT-In flags multiple vulnerabilities in Google Chrome that could allow remote code execution and data theft, urging users ...