Understanding Current Threats to Kubernetes Environments
Unit 42 uncovers escalating Kubernetes attacks, detailing how threat actors exploit identities and critical vulnerabilities to compromise cloud environments....
Vulnerability Disclosure
20 articles
CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
The U.S.
50,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in Ninja Forms – File Upload WordPress Plugin
On January 8th, 2026, we received a submission for an Arbitrary File Upload vulnerability in Ninja Forms - File Upload, a WordPress plugin with an estimated ...
Google DeepMind Researchers Map Web Attacks Against AI Agents
Malicious web content can be used to manipulate, deceive, and exploit autonomous AI agents navigating the internet, Google DeepMind researchers show. The res...
5 email threats to watch as identity and AI attacks evolve
Attacks on email that exploit OAuth consent, lateral phishing, and AI payroll fraud top the list.
Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules
Anthropic’s flagship AI coding agent, Claude Code, was recently discovered to contain a critical security flaw that silently bypasses developer-configured sa...
Google’s Bug Bounty Program Hits Record $17 Million in 2025 Payouts
Google has announced a record-breaking year for its Vulnerability Reward Program (VRP). In 2025, the tech giant paid out more than $17 million to ethical hac...
Authentication is broken: Here’s how security leaders can actually fix it
Authentication keeps breaking where it matters most: On regulated front lines such as healthcare, government, aerospace and travel. The core issue is not a l...
6 ways attackers abuse AI services to hack your business
Attackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of re...
36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware
A coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads i...
Google DeepMind Flags New Threat as Malicious Web Content Puts AI Agents at Risk
As artificial intelligence evolves from simple chatbots to autonomous agents that actively browse the web, a new cybersecurity threat has emerged. Researcher...
[webapps] WBCE CMS 1.6.4 - Remote Code Execution
WBCE CMS 1.6.
[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
RiteCMS 3.1.
[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
Desktop Window Manager Core Library 10.0.
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively e...
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively e...
Fraudsters exploit vacant properties and postal services for identity theft
The tutorial, analyzed by Flare, outlines a low-cost, difficult-to-detect workflow that begins with identifying vacant residential properties, often found by...
CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers
A bug in a popular line of video conferencing software is being exploited by hackers, prompting the U.S.
Security lapse lets researchers view React2Shell hackers’ dashboard
An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old ...
Claude Code is still vulnerable to an attack Anthropic has already fixed
The leak of Claude Code’s source is already having consequences for the tool’s security. Researchers have spotted a vulnerability documented in the code.