More results...
A newly documented Windows vulnerability, CVE-2026-20817, impacts the Windows Error Reporting Service (WER) and enables local privilege escalation. The issue matters because WER runs as NT AUTHORITY\SYSTEM, so any mistake in its permission checks can b…
A serious security flaw has been discovered in Axios, one of the most popular HTTP client libraries for Node.js, allowing attackers to crash servers and trigger denial-of-service (DoS) attacks. The vulnerability, tracked as CVE-2026-25639, affects all …
A critical security oversight has left thousands of AI agents wide open to the public internet. 15,200 instances of the OpenClaw AI framework (formerly Clawdbot and Moltbot) are vulnerable to remote takeover. The STRIKE team used internet-wide reconnai…
“Chat & Ask AI,” a highly popular mobile application available on both Google Play and the Apple App Store, has suffered a significant data exposure. An independent security researcher discovered a vulnerability that left approximately …
Microsoft is currently tackling a significant service degradation within Exchange Online that is disrupting business communications by incorrectly flagging legitimate emails as phishing attempts. The incident, tracked under the identifier EX1227432, be…
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant b…
A critical “zero-click” vulnerability in Claude Desktop Extensions (DXT) that allows attackers to compromise a computer using nothing more than a Google Calendar event. The flaw, which has been assigned a maximum severity score of CVSS 10/1…
The European Commission successfully contained a cyberattack targeting its mobile device management infrastructure on January 30, 2026. The incident, which potentially exposed staff names and mobile numbers, was neutralized within nine hours of detecti…
Threat actors are actively exploiting critical vulnerabilities in SolarWinds Web Help Desk (WHD) to deploy custom malware and establish persistent remote control. Security researchers observed these attacks starting on February 7, 2026, targeting organ…
A new offensive security tool named “RecoverIt” has been released, offering red teamers a stealthy method for lateral movement and persistence by abusing the Windows Service recovery mechanism. The tool circumvents traditional detection met…