The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.
Microsoft's prediction that attackers probably wouldn't rush to exploit a newly-patched SharePoint bug hasn't aged especially ...
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities ...
CISA added a Microsoft SharePoint RCE flaw to its exploited bugs catalog after confirming active attacks on unpatched servers.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
A set of 13 exploits were released by the Shadow Brokers hacker group, with Microsoft providing a rapid response, downplaying ...
OS 26.5.2 security update arrives weeks early as Apple adapts to AI tools that compress vulnerability discovery into hours.
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
The critical libssh2 CVE-2026-55200 flaw inverts SSH security: the remote server attacks the connecting client, no ...
A new exploit called BioShocking convinces AI browsers they're playing a game, then gets them to hand over your private data.
Multiple Malaysian government websites have been compromised in a series of cyberattacks, the National Cyber Security Agency (NACSA) confirmed. The attacks are believed to have exploited a critical ...
Linux kernel privilege escalation exploit DirtyClone (CVE-2026-43503) is publicly documented: JFrog published a working attack walkthrough Thursday showing how any local user can gain root on ...