The vulnerability flood is here. Patching won't save you.
AI-driven vulnerability discovery is outpacing patch cycles, forcing defenders to prioritize detection.
Vulnerability Disclosure
20 articles
Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public.
Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents
Cline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep ...
Snyk integrates Claude to advance AI-native application security
Snyk has announced it is leveraging Anthropic’s Claude models to advance software security. Snyk has integrated Claude into the Snyk AI Security Platform, en...
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension. The post Vulnerability in Claud...
May 2026 Patch Tuesday forecast: AI starts driving security industry changes
Project Glasswing. This is one of three major security industry changes I’ll cover today.
PoC Exploit Released for Dirty Frag Linux Kernel Vulnerability
A proof-of-concept exploit for a new Linux kernel vulnerability class dubbed “Dirty Frag”. This universal local privilege escalation vulnerability allows att...
Become a millionaire by bug hunting on Android
Over the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that the reward ...
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login ...
When prompts become shells: RCE vulnerabilities in AI agent frameworks
New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these vulnerabilities work, what’s impacted, an...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
The hidden risk in hybrid IT: Fragmented vulnerability management
Hybrid IT and AI expand attack surfaces, making continuous, context-aware risk management essential.
Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
Cisco’s AI security researchers have analyzed ways to target vision-language models (VLMs) using pixel-level perturbation. The post Attackers Could Exploit A...
How Cloudflare responded to the “Copy Fail” Linux vulnerability
When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated t...
MAXHUB Pivot Client Application
View CSAF Summary Successful exploitation of this vulnerability may enable an attacker to access tenant email addresses and associated information in clearte...
Critical Palo Alto Networks software bug hits exposed firewalls
Palo Alto Networks is warning customers about a critical buffer overflow vulnerability affecting its PAN-OS user-ID authentication portal that is already bei...
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue. The post Gemini CLI Vulnerability C...
Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking
New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrast...
Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins
Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying vi...
[webapps] Bludit CMS 3.18.4 - RCE
Bludit CMS 3.18.