CVE-2025-8088, a WinRAR vulnerability patched in July 2025, has been widely exploited by state-sponsored threat actors and cybercriminals.

Microsoft rushed an emergency Patch Tuesday fix after a new Office zero-day began spreading in active attacks. CISA warns ...

ChatGPT has quietly gained bash support and multi-language capabilities, enabling users to run commands and install packages in containers without official announcements.

A Microsoft zero-day vulnerability has been added to the KEV catalogue alongside the SmarterTools SmarterMail authentication ...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

At first glance, the criminal code appears to be a typical legal framework. But the state’s goal is not to protect citizens, ...

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

The rapid adoption of AI agents has exposed a structural security problem in the Model Context Protocol. Due to a lack of authentication, hundreds of MCP ...

January 2026 was a wake-up month for enterprise security teams. In a single week, CERT-In released three high-severity ...