Taiwan networking provider Zyxel has released security updates to address a critical vulnerability affecting over a dozen router models that can allow unauthenticated attackers to gain remote command ...

CVE-2026-2329 allows unauthenticated root-level access to SMB phones, so attackers can intercept calls, commit toll fraud, and impersonate users.

A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a malicious repository or pull request. The findings by Orca Security, show how ...

Google has released a Chrome security update addressing two high-severity vulnerabilities that could allow attackers to execute arbitrary code or cause browser crashes. The issues affect core browser ...

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...

Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities Your email has been sent Both platforms serve as backbone infrastructure for remote work and software development, making these flaws ...

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...

Governments and private security sleuths warned that attackers are already exploiting a critical bug in Microsoft Windows Server Update Services, shortly after ...

Attackers are taking advantage of a vulnerability in Cisco’s Simple Network Management Protocol (SNMP), which allows malicious rootkits to be installed on network hardware. According to findings from ...

In light of new memory safety features added to Apple’s latest iPhone chips that make entire classes of exploits harder to pull off, the company has revamped its bug bounty program to double or ...

A command injection vulnerability was found in the figma-developer-mcp Model Context Protocol (MCP) server. The flaw could allow attackers to run arbitrary system commands and achieve remote code ...

Nearly half a year since its patch was released, few vendors and no manufacturers have fixed a zero-click vulnerability in Apple CarPlay. On April 29, researchers from Oligo Security disclosed a ...