Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

A research team at Mohamed bin Zayed University of Artificial Intelligence published a finding in April 2026 that has gained traction in engineering circles for reasons that go beyond its headline ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

A North Texas man whom experts for both prosecutors and defense attorneys had said was intellectually disabled became the 600th person executed in Texas since 1982, put to death Thursday evening for ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, ...

Developers using the latest versions of AI coding tools like Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI could inadvertently execute malicious code on their systems with a single keypress, or ...

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible ...