CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...

The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to ...

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

The US cybersecurity agency added the bug, tracked as CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) catalog on ...

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...

Hackers are exploiting yet another vulnerability in one of Ivanti’s widely used enterprise products, the U.S. government’s cybersecurity agency CISA warned in a fresh alert this week. The remote code ...

Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.… The change replaces the previous default setting, "Prompt me before ...

Researchers have found 14 logic flaws in various components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, allowing attacks that could bypass authentication ...

Article updated to add information from CyberPanel developer and with information on free decryptor. Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) ...

Patch SharePoint Now: Microsoft Servers at Risk of New ToolShell RCE Attack Your email has been sent How the ToolShell RCE attack works How to protect your SharePoint server from compromise What to do ...