Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
A new Linux kernel bug lets an ordinary, unprivileged user become root. It now hits Android too. Researchers have named it Bad Epoll. The Bad Epoll vulnerability carries the identifier CVE-2026-46242.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities ...
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories ...
The critical libssh2 CVE-2026-55200 flaw inverts SSH security: the remote server attacks the connecting client, no ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
Cisco SD-WAN zero-day CVE-2026-20245 was exploited months before disclosure: Mandiant reveals how a malicious CSV file ...
As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. “I’ve probably submitted three times more bugs than I did last year at this time—I would ...
Forza Horizon 6 players are exploiting certain parts of the game so that they can quickly and easily unlock every vehicle in the game. As spotted by GamesRadar, YouTuber XMBWesley posted a guide on ...
Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
A recently patched Linux privilege escalation vulnerability now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. The ...