Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
Adblock for YouTube has over 11 million installations. However, it can inject script code into any page uncontrollably.
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) ...
I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have.
The latest email threats: real Microsoft login phishing, device code scams with a kill switch, split-click attacks, and the ...
Citrix NetScaler received patches for another memory leak vulnerability similar to CitrixBleed, as well as memory overflow, file read and denial-of-service issues ...
Three popular plugins served malicious JavaScript through a compromised CDN.
Cybercriminals are launching a massive global malware campaign by hijacking WhatsApp accounts to break into users’ computers.
ShinyHunters published 297 GB of payroll, medical, and bank records for more than 10,000 employees after the June 16 ransom ...
New research from Zenity Labs found attackers exploiting critical LiteLLM vulnerabilities and hijacking AI infrastructure to conduct attacks against third parties and power their own operations. The ...