Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch
A new service, the Global Cybersecurity Vulnerability Enumeration (GCVE), offers an alternative to the US-led CVE
Vulnerability Disclosure
20 articles
Researchers Exploit Bug in StealC Infostealer to Collect Evidence
CyberArk says it exploited a vulnerability in the StealC infostealer to gather intelligence
RondoDox Botnet Targets HPE OneView Vulnerability in Exploitation Wave
Check Point Research has reported a surge in attacks on a vulnerability in HPE OneView, driven by the Linux-based RondoDox botnet
Threat and Vulnerability Management in 2026
Understand the future of threat and vulnerability management (TVM). Learn what TVM is, why traditional tools fail, and how intelligence is essential in today...
Cyber Threat Actors Ramp Up Attacks on Industrial Environments
Hacktivists and cybercriminals have intensified their efforts to exploit vulnerabilities in industrial systems, according to a Cyble report
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the res...
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...
Lack of isolation in agentic browsers resurfaces old vulnerabilities
With browser-embedded AI agents, we’re essentially starting the security journey over again. We exploited a lack of isolation mechanisms in multiple agentic ...
[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection
WordPress Quiz Maker 6.7.
[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
FreeBSD rtsold 15.
Use GWP-ASan to detect exploits in production environments
Memory safety bugs like use-after-free and buffer overflows remain among the most exploited vulnerability classes in production software. While AddressSaniti...
[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection
Summar Employee Portal 3.98.
Critical React2Shell Vulnerability Under Active Exploitation by Chinese Threat Actors
A critical vulnerability in React Server Components is allegedly being actively exploited by multiple Chinese threat actors, Recorded Future recommends organ...
[webapps] MaNGOSWebV4 4.0.6 - Reflected XSS
MaNGOSWebV4 4.0.
[webapps] Django 5.1.13 - SQL Injection
Django 5.1.
[webapps] MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
MobileDetect 2.8.
[webapps] phpMyAdmin 5.0.0 - SQL Injection
phpMyAdmin 5.0.
[webapps] RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
RosarioSIS 6.7.
[webapps] RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
RosarioSIS 6.7.