wild
-
SQL Injection in LiteLLM: Inside CVE‑2026‑42208 and Its Rapid Exploitation
In the rapidly evolving landscape of AI orchestration, the security of middle-tier gateways has become a primary target for sophisticated…
Read More » -
Critical Authentication Bypass Vulnerability (CVE-2025-65856) in Hangzhou Xiongmai XM530 IP Cameras
A high-severity security flaw has been uncovered in the Hangzhou Xiongmai Technology XM530 series IP cameras, posing an imminent threat…
Read More » -
From Disclosure to Exploitation in Hours: LMDeploy SSRF Vulnerability Exploited in the Wild
In the rapidly evolving landscape of AI infrastructure, the window between vulnerability disclosure and active exploitation is shrinking to a…
Read More » -
Over 1,300 SharePoint Servers Remain Vulnerable to Active Spoofing Exploits
In what is becoming a stark case study in patch management latency, more than 1,370 Microsoft SharePoint servers remain exposed…
Read More » -
Analyzing the Critical Groovy-Based RCE in Apache Syncope (CVE-2025-57738)
In a significant blow to identity management security, security researchers have unveiled a high-severity Remote Code Execution (RCE) vulnerability within…
Read More » -
Stealth by Design: Unpacking the Sophisticated ‘Stealtok’ Malicious Extension Campaign
In a sobering reminder of how easily trust can be exploited, security researchers at LayerX have exposed a highly coordinated…
Read More » -
Inside MiningDropper: Unpacking the Sophisticated Modular Framework Targeting Android Ecosystems
In the ever-evolving landscape of mobile threats, a new player has emerged that operates less like a traditional piece of…
Read More » -
Critical FortiSandbox Vulnerability CVE-2026-39808: Public Exploit Now Available
A proof-of-concept (PoC) exploit has been publicly released for a critical security flaw in Fortinet’s FortiSandbox, putting thousands of networks…
Read More » -
Critical Nginx-UI Vulnerability CVE-2026-33032 Allows Full Server Takeover
A Critical-rated security flaw (CVE-2026-33032) in nginx-ui – a widely deployed open-source interface for Nginx server management – is actively…
Read More » -
Ivanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User Sessions
Ivanti has issued a security advisory detailing two medium-severity vulnerabilities affecting its Neurons for IT Service Management (ITSM) platform. These…
Read More » -
Microsoft Releases April 2026 Patch Tuesday Update: 168 Vulnerabilities Patched Including Active Zero-Day Exploit
Microsoft has addressed a critical security gap by releasing its April 2026 Patch Tuesday updates, covering 168 vulnerabilities across its…
Read More » -
EDR Killers Broaden Ransomware Tactics, ESET Warns
Ransomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts,…
Read More » -
Adobe Releases Emergency Patch for Critical Zero-Day Flaw in Acrobat and Reader
Adobe has issued an urgent security update to fix a critical zero-day vulnerability affecting Acrobat and Reader on both Windows…
Read More » -
ClickFix, Malicious DMGs Push notnullOSX to macOS Users
Hackers are abusing ClickFix commands and booby-trapping DMG installers to deliver a new macOS stealer called notnullOSX, built to loot…
Read More » -
Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks
SonicWall has published a critical security advisory addressing four distinct vulnerabilities in its SMA1000 series appliances. These security flaws open…
Read More » -
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
Security researchers have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in…
Read More » -
Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed
A critical security flaw in Flowise, a widely used open-source AI development platform, is currently being actively exploited in the…
Read More »