Software Vulnerability

23 articles in this category

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft released an emergency patch for the actively exploited Microsoft Office zero-day, CVE-2026-21509, a security feature bypass affecting millions of users.

Anthropic MCP Git Server Vulnerabilities Enable RCE via Prompt Injection

Three vulnerabilities in Anthropic’s MCP Git server allow remote code execution (RCE) through prompt injection attacks.

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Server Takeover

A critical CVSS 10.0 vulnerability, dubbed 'Ni8mare', in n8n allows unauthenticated attackers to gain full control of servers.

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

Singapore’s CSA warns of a CVSS 10.0 SmarterMail vulnerability enabling unauthenticated remote code execution via file upload; a patch is now available.

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe serialization.

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution

A critical n8n vulnerability (CVE-2025-68613, CVSS 9.9) allows authenticated users to execute arbitrary code, impacting over 100,000 instances.

FreePBX Vulnerabilities Allow RCE via SQL Injection, File Upload, and Auth Bypass

FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass, potentially leading to remote code execution.

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

New research reveals a .NET flaw, SOAPwn, enables file writes and remote code execution (RCE) through manipulated WSDL files in products like Barracuda and Ivanti.

Gogs Zero-Day Exploited in 700+ Instances

An unpatched Gogs flaw (CVE-2025-8110) is actively exploited, resulting in over 700 confirmed compromises via file overwrite and code execution.

Over 30 Security Flaws in AI IDEs Enable Data Exfiltration and RCE Attacks

Over 30 security flaws in AI IDEs enable data exfiltration and remote code execution, exposing critical vulnerabilities in modern coding tools.

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

39% of cloud environments face unauthenticated RCE risks from React/Next.js RSC flaws (CVE-2025-55182, CVSS 10.0).

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Malicious npm package with 18,988 downloads evades AI security tools using deceptive prompts.

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Grafana addresses a critical CVSS 10.0 vulnerability in SCIM allowing user impersonation and privilege escalation in versions 12.x.

AI-Driven Malware Exploits Open-Source Trust: VS Code Extension and npm Packages

A malicious VS Code extension with ransomware capabilities and 17 npm packages distributing Vidar Infostealer highlight AI's role in modern supply chain attacks, exploiting open-source ecosystems.

CISA Adds Gladinet and CWP Vulnerabilities to KEV Catalog Amid Active Exploitation

CISA has added critical vulnerabilities in Gladinet, CWP, and WordPress plugins to its KEV catalog, emphasizing urgent patching due to active exploitation in the wild.

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

A critical vulnerability in React Native CLI allowed unauthenticated attackers to execute arbitrary OS commands, patched by Meta with a 9.8 CVSS score.

Critical Security Flaws in Microsoft Teams Enable Impersonation and Undetected Message Manipulation

Four Microsoft Teams vulnerabilities allowed attackers to impersonate colleagues, edit messages without detection, and manipulate notifications, exposing users to social engineering and phishing risks.

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

Mandiant reports hackers exploited a Triofox vulnerability (CVE-2025-12480) to gain admin access and deploy remote tools.

OpenAI Unveils Aardvark: GPT-5 Agent for Automated Security Vulnerability Detection and Patching

OpenAI’s Aardvark, powered by GPT-5, autonomously identifies and patches security flaws in code, revolutionizing AI-driven cybersecurity with continuous threat detection and real-time patch generation.

New 'Brash' Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

A critical vulnerability in Chromium's Blink engine, dubbed 'Brash,' allows attackers to crash browsers instantly via DOM overloads, affecting Chrome, Edge, Brave, and others.

PhantomRaven Malware Exploits npm Packages to Steal Developer Secrets

Researchers identify PhantomRaven, a supply chain attack using 126 malicious npm packages to steal GitHub tokens and CI/CD secrets by exploiting remote dependencies and AI-generated package names.

TEE.Fail: A Side-Channel Attack Exploiting DDR5 Secure Enclaves

A new side-channel attack, TEE.Fail, exploits DDR5 secure enclaves to extract cryptographic keys from Intel and AMD processors using affordable hardware.

10 Malicious npm Packages Caught Stealing Developer Credentials Across Operating Systems

Cybersecurity researchers uncovered 10 typosquatted npm packages that deliver a 24MB PyInstaller info stealer, stealing credentials from Windows, macOS, and Linux systems via obfuscation and postinstall hooks.
