Apiiro launches CLI to integrate application security into AI development workflows
Apiiro argues that current security workflows are reactive, relying on scanning and remediation after code is written, a model unsustainable with AI's speed.
Media
20 articles
Old Docker authorization bypass pops up despite previous patch
Researchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems...
The Mythos Inflection Point: Dealing With the Upcoming Vulnerability Disclosure Avalanche and Compressed Exploitation Window
Having spent years at Qualys working on vulnerability risk and remediation management, I have watched the disclosure and remediation cycles from every angle....
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before de...
Russia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine
In a statement to state-owned media, the FSB said the suspect joined a Telegram channel controlled by the Security Service of Ukraine (SBU) and passed inform...
113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs
MyLovely.AI, an AI girlfriend platform, suffered a data breach that exposed over 100,000 users.
OPSWAT adds predictive AI engine to MetaDefender for pre-execution threat detection
OPSWAT has announced OPSWAT Predictive Alin AI, its first proprietary AI-based threat detection engine for the MetaDefender Platform. This AI-based innovatio...
Technical Details Released for Critical Cisco SSM Command Execution Vulnerability
Security researchers have published technical details regarding a highly critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-Prem). Tr...
Advenica’s File Scanner Kiosk scans USB media for malware
Advenica announced the File Scanner Kiosk, a system that scans USB media for malware and helps businesses reduce infection risk. With the reliance on externa...
Silver Fox Campaign Spreads ValleyRAT via Fake Chinese Telegram Language Pack
New analysis of a fake Telegram installer uploaded to MalwareBazaar shows Silver Fox expanding its ValleyRAT operations with a fresh delivery chain that hide...
GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection
GitLab has rolled out a crucial security update to fix multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms. Orga...
Critical Vulnerability in Ninja Forms Exposes WordPress Sites
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.
IBM Security Verify Access Flaws Let Remote Attackers Access Sensitive Data
IBM has issued an urgent security bulletin addressing a slew of vulnerabilities impacting IBM Verify Identity Access and IBM Security Verify Access. These fl...
Multiple OpenSSL Flaws Expose Sensitive Data in RSA KEM Handling
A newly disclosed flaw in OpenSSL could allow attackers to access sensitive data stored in application memory. Tracked as CVE-2026-31790, this moderate-sever...
Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published
Cybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmi...
50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE
A severe security flaw has been discovered in the Ninja Forms File Upload plugin, a widely utilized WordPress add-on that allows website administrators to ac...
Fortinet customers confront actively exploited zero-day, with a full patch still pending
Two critical defects in FortiClient EMS have been exploited in the past couple weeks. Experts push for users to apply an immediate hotfix.
Google Brings Lazy Loading to Media Files in New Chrome Release
Google has announced a significant update for its Chrome browser, extending native lazy loading capabilities to audio and video elements. This highly anticip...
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wil...
Chaos malware now targeting 64-bit Linux servers
Analysis of China-nexus groups also discovers double-pronged strategy, one on immediacy, the other around long dwell times.