AI helps uncover critical 4-year-old Zcash vulnerability
The bug, which existed from Orchard's activation in May 2022 until an emergency fix on June 1, 2026, involved a flawed validation check for transaction inputs.
Vulnerability Disclosure
20 articles
Hackers exploit critical Everest Forms Pro vulnerability for website control
The vulnerability resides within the plugin's Complex Calculation feature, which processes user input and inserts it into a PHP code string for execution via...
Hackers used Meta’s AI support system to hijack over 20,000 Instagram accounts
Meta has revealed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company’s AI-assisted account recovery system. According to t...
Google Protocol Buffers flaw turns schemas into shells
A widely used JavaScript implementation of Google’s Protocol Buffers format is placing too much trust in untrusted data, exposing affected applications to re...
Everest Forms Vulnerability Exploited to Hack WordPress Sites
The flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months. The post Everest Forms Vulnerability Exploite...
The Hardest Fork
Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why.
Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs
Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, includ...
ConnectSecure’s Patch 360 gives MSPs control over patch testing and deployment
ConnectSecure has announced the launch of Patch 360, a patch management solution built for managed service providers (MSPs) to reduce deployment risk while a...
Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE
Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems tha...
Instagram Patches Account Recovery Flaw Leaking User Contact Information
A critical logic flaw in Instagram’s web-based account recovery workflow exposed unredacted user contact information, including full email addresses and phon...
Meta AI Bug Exposes Over 20,000 Instagram Accounts
Meta confirms an AI tool vulnerability led to unauthorized access to Instagram accounts after a failure in email verification during password reset
SolarWinds Serv-U Vulnerability Exploited in the Wild
Unauthenticated attackers can exploit the flaw via specially crafted POST requests that crash the Serv-U service. The post SolarWinds Serv-U Vulnerability Ex...
Critical UniFi OS RCE Chain Grants Root Access Without Credentials
Security Advisory Bulletin 064 describing a critical chain of vulnerabilities in UniFi OS Server that allows unauthenticated remote code execution and full r...
Hackers Exploit Claude Code MCP Traffic to Hijack OAuth Authentication Tokens
Threat researchers have uncovered a novel man-in-the-middle (MitM) attack chain targeting Anthropic’s Claude Code ecosystem, where adversaries hijack Model C...
Free Samsung and LG Smart TV Apps Reportedly Exploit Devices for AI Proxy Traffic
Free apps available on Samsung, LG, Roku, and other connected TV (CTV) platforms are quietly enrolling users’ smart televisions into a commercial residential...
Hackers Exploit 2026 FIFA World Cup With Phishing and Ticket Scams
Cybercriminals are already turning the 2026 FIFA World Cup into a fraud opportunity, using phishing pages, fake online stores, and ticket scams to steal mone...
Emphere Raises $2.1 Million for AI-Powered Vulnerability Remediation
Emphere’s solution delivers AI-driven remediation to software companies to speed up releases. The post Emphere Raises $2.
Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.
Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins.
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [.
Another Cisco Catalyst SD-WAN Manager bug actively exploited
Cisco warns of an exploited SD-WAN flaw that can enable remote code execution and network compromise.