OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds
CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerabili...
Vulnerability Disclosure
20 articles
The Good, the Bad and the Ugly in Cybersecurity – Week 23
US Treasury sanctions Iran's largest crypto exchange, PRC-linked TA4922 expands phishing to Europe and Africa, attackers exploit Palo Alto VPN bypass.
AI-Powered Worm Leverages Stolen Compute to Target Linux, Windows, and IoT Devices
AI-powered malware is moving from theory to reality, with new proof-of-concept worms showing how large language models (LLMs) can autonomously compromise mix...
Thieves can pull off keyless car theft in under a minute and here’s how to stop them
A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house.
New infosec products of the week: June 5, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Asimily, depthfirst, Diligent, Hyland, MazeBolt, and Noma. Asimily...
US government report slams NIST for NVD backlog
A report from the US Commerce department’s inspector general blames the National Institute of Standards and Technology (NIST) for the ever-growing backlog of...
[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
WordPress Contest Gallery 28.1.
Underground forum tutorial simplifies vulnerability exploitation for novice hackers
The tutorial, authored by a hacker known as "Hercules" and documented by cybersecurity company Flare, breaks down the process of scanning, detecting, exploit...
Quarterly WordPress Threat Intelligence Report – Q1 2026
As the industry leader in WordPress security we have access to attack telemetry and vulnerability intelligence that no other security provider can compare to...
9.8 Mirasvit bug actively exploited on Magento servers
CISA warns of an actively exploited Magento extension flaw that enables remote code execution.
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
WordPress Kirki plugin vulnerability allows account takeover
The vulnerability, present in Kirki versions 6.0.
CISA directive for AI executive order to be released this week, Andersen says
The binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the T...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
US agencies warn of hackers targeting fuel tank monitoring systems
Threat actors are exploiting vulnerabilities such as authentication bypass, hardcoded credentials, OS command execution flaws, SQL injection, and privilege e...
Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook
Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tut...
Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process
The security researcher, Ammar Askar, released the new proof-of-concept exploit on his personal blog — alongside the public tracker for issues in VS Code — g...
Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation
Mirasvit Vulnerability Exploited to Execute Code on Magento Servers
A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The post Mirasvit Vulnerability Ex...
Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs
A high severity vulnerability in Hugging Face Transformers enables attackers to compromise systems that use the popular Python library to test and run AI mod...