Since the introduction of serialization through the Marshal module in the Ruby programming language, developers and security experts have been drawn into a protracted game of “bypass and patch.” The history of these vulnerabilities...
The AI-powered code editor Cursor was recently found vulnerable to an attack technique dubbed “MCPoison” by the Check Point research team. This flaw enabled remote execution of arbitrary code on a developer’s machine, provided...
Critical vulnerabilities discovered in the NVIDIA Triton Inference Server platform pose a significant threat to the security of AI infrastructure across both Windows and Linux environments. This concerns an open-source solution designed for large-scale...
A critical vulnerability has been discovered in the Squid proxy server, enabling remote execution of arbitrary code. The flaw affects nearly all actively used versions, and given the widespread deployment of Squid, millions of...
Microsoft has announced sweeping enhancements to its vulnerability rewards program for the .NET platform, significantly broadening its scope and increasing compensation for valid discoveries. Security researchers can now earn up to $40,000 for critical...
A critical vulnerability has been discovered in the Cursor source code editor, an AI-powered tool designed to assist programmers. The flaw, identified as CVE-2025-54135 and dubbed CurXecute, affects nearly all versions of the IDE...
In the autumn of 2024, the InfoSect bug hunting team prepared a remote code execution attack targeting the Synology TC500 IP camera for entry in the Pwn2Own Ireland competition. The exploitation hinged on a...
A critical vulnerability has been discovered in the widely used WordPress theme “Alone — Charity Multipurpose Non-profit”, which is already being exploited by malicious actors to compromise websites. Tracked as CVE-2025-5394, the flaw has...
Researchers at Bitdefender have disclosed two critical vulnerabilities in the firmware of Dahua smart surveillance cameras. These flaws, rooted in the ONVIF protocol implementation and the file upload mechanism, enable attackers to gain full...
Cybersecurity experts have identified more than a dozen critical vulnerabilities within the Niagara Framework—a platform developed by Tridium, a subsidiary of Honeywell. This technology is extensively deployed in the automation and management of smart...
A critical vulnerability has been discovered in Google’s newly released command-line interface tool, Gemini CLI, which could allow attackers to covertly execute malicious commands and exfiltrate data from developers’ machines—provided certain commands are permitted...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in the widely used print management software, PaperCut NG and MF. The flaw,...
Smart devices within a network are no longer mere assistants — they are potential adversaries. With every internet-connected thermostat or television, a new fissure emerges in the digital infrastructure. This truth is underscored by...
At the inaugural DistrictCon Junkyard competition, analysts from Trail of Bits vividly demonstrated the grave risks posed by outdated networking devices left without updates. During the event, they remotely compromised two discontinued products—the Netgear...
Researchers have uncovered a stealthy backdoor within WordPress, cunningly disguised as a system file within the mu-plugins directory—a special location designated for must-use plugins. This strategic placement enables threat actors to establish a persistent...
Recently uncovered critical vulnerabilities in Cisco’s infrastructure are already being actively exploited by malicious actors to compromise corporate networks. The company has officially confirmed that its Product Security Incident Response Team (PSIRT) has observed...