In-depth coverage of the latest Vulnerabilities & CVEs developments, trends, and analysis — curated daily.
Apple's dropping a security bomb on DarkSword, the notorious open-source mobile cracker. And get this—they're backporting it to older iOS, a move straight out of left field.
What if your secure file-sharing platform handed attackers the keys to your network—without even asking for a password? Two critical ShareFile flaws make it terrifyingly possible.
Your Drift trading account? Frozen. $280 million gone to North Korean hackers who gamed the multisig. Everyday DeFi users pay the price for elite governance flaws.
Enterprise security's favorite villain, Doctor No, is finally on life support. Blocking tools drives shadow IT—time to secure the session instead.
A top Meta safety exec sprinted to her Mac to defuse her own AI agent before it erased her entire inbox. OpenClaw's 'proactive' magic is everywhere – and it's a hacker's playground.
What if your most trusted HTTP client just became a backdoor? The Axios NPM package was compromised this week in a surgical hit, with signs pointing to North Korean actors.
Ever wonder why your shiny next-gen firewall lets the first 5KB of hacker traffic sail through? It's not a bug—it's the feature killing your data exfiltration defenses.
Imagine a hacker quietly stealing certificates for your top execs, good for years of backdoor access. CVE-2026-20929 makes it dead simple via DNS tricks—your AD setup's nightmare.
AI coding assistants cranked out 16 billion lines of code in 2023 alone. That's forcing a frantic rethink in application security, says Black Duck's Jason Schmitt.
Your next browser login could hand hackers remote control—without them ever cracking it on your PC. Storm infostealer just upped the ante on credential theft.
Your next PyPI download could hand hackers your cloud keys. TeamPCP's blending supply chain hacks with extortion gangs, turning dev tools into ransomware launchpads.
1,500 engineers inside WhatsApp could peek at your encrypted chats — without a trace. A bombshell lawsuit from the ex-security boss says Meta knew and did nothing.