MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.
A critical remote code execution flaw in GitHub was patched by Microsoft in roughly two hours after public disclosure, ...
Security researchers at JFrog worked with biotechnology company 23andMe to address a vulnerability with Yamale, a tool written by the company and used by over 200 repositories. The smartest companies ...
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ...
A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...
The FTP server ProFTPD includes a module called mod_sql. It contains an SQL injection vulnerability that can ultimately lead ...
A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. A newly disclosed vulnerability in GitLab Duo ...
A new security update to the Ninja Forms WordPress plug-in — which has more than 1 million active installations — patches a code injection vulnerability researchers say is being actively exploited in ...
The vulnerability has been given a severity score of 9.8, and administrators should patch immediately.
A pair of flaws affecting Ivanti’s Endpoint Manager Mobile have been exploited in attacks impacting a ‘very limited’ number of customers, the company says. A pair of critical-severity vulnerabilities ...