Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in ...

Hackers can now take over WordPress sites instantly using a simple plugin flaw ...

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. The security issue is ...

Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and ...

ClaudeBleed, a vulnerability in Claude in Chrome, allows malicious extensions to hijack the AI agent for nefarious purposes.

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing Secure Mode protections.

On the April Patchday, SAP addresses vulnerabilities with 19 security notes. One critical vulnerability allows the injection of SQL commands. On the April Patchday, SAP addresses vulnerabilities in ...

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...

Security vulnerabilities in Gimp allow code injection with manipulated files like GIFs. Gimp 3.2.2 corrects them. Vulnerabilities lie dormant in Gimp's processing routines for several image formats, ...