The researcher, who goes by bikini, dropped the exploit code and vulnerability write-ups in a now-removed GitHub repository ...

Adversaries could plant a malicious repository that executes arbitrary code and steals cloud credentials, showcasing MCP risk ...

The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.

Mandiant details exploitation of CVE-2026-20245, a Cisco Catalyst SD-WAN vulnerability exploited as a zero-day months prior ...

Cisco SD-WAN zero-day CVE-2026-20245 was exploited months before disclosure: Mandiant reveals how a malicious CSV file ...

A critical libssh2 vulnerability threatens IT infrastructures. Patches are available, but not yet widely implemented.

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.

D-Link router botnet AryStinger has compromised over 4,300 end-of-life DIR-850L and DIR-818LW devices, Qianxin XLab reported ...

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...

Switchzilla amid reports of new serious vulnerabilities under attack. First up is a server-side request forgery bug in its Unified Communications Manager tracked as CVE-2026-20230. Cisco disclosed and ...

A threat actor started exploiting a severe vulnerability in Cisco products at least two months before the flaw was disclosed, ...

FortiBleed targeted 430,000 FortiGate firewalls with sniffers and brute-force pipelines that identified over 110 million ...