CSO Online

Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes

The decade-old ActiveMQ flaw was uncovered and weaponized in minutes, showing AI’s exploit-building potential amid the Mythos ...

Google Zero-Day Alert For 3.5 Billion Chrome Users—Attacks Underway

Google has confirmed an emergency Chrome security update amid reports that attackers are exploiting two zero-day ...
Financial News

Google Fixes Fourth Actively Exploited Chrome Zero-Day in a Single Month

Security researchers have discovered a specific type of alert that they can decipher from a Google advisory. The language is ...
SecurityWeek

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile security risks are increasing as enterprises struggle with outdated devices, risky apps, and expanding attack surfaces ...
Bleeping Computer

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Update: Added that Oracle declined to comment on whether the vulnerability has been exploited. Oracle has released an out-of-band security update to fix a critical unauthenticated remote code ...
CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch deadline.
Bleeping Computer

Critical Microsoft SharePoint flaw now exploited in attacks

A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. Tracked as CVE-2026-20963, this ...
Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...