More results...
Security researchers at Zenity Labs disclosed a critical flaw in Perplexity’s Comet “agentic” browser that allowed attackers to steal local files using a malicious Google Calendar invite. The issue, dubbed PerplexedBrowser and grouped under Zenity’s “P…
A high-severity security vulnerability has been discovered in the IPVanish VPN application for macOS. This flaw allows any unprivileged local user to execute arbitrary code with root privileges without requiring any user interaction. The attack bypasse…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, identified as CVE-2026-22719, is currently …
A threat actor known as FulcrumSec has claimed responsibility for a data breach at LexisNexis Legal & Professional, the legal information division of RELX Group. The actor alleges they have stolen 2.04 GB of structured data from the company’s…
Microsoft recently uncovered sophisticated phishing campaigns that exploit the by-design redirection mechanisms of the OAuth 2.0 protocol. Threat actors are targeting government and public-sector organizations by manipulating legitimate authentication …
A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention occurs. System administrators across Reddit’s r/sysa…
Security researchers from the Google Threat Intelligence Group (GTIG) have uncovered “Coruna,” a highly sophisticated iOS exploit kit responsible for compromising thousands of iPhones. Targeting iOS versions 13.0 through 17.2.1, the framewo…
When drones can watch your every move and jammers scramble your communications, you need to keep your battle plans and your org chart simple, say officers from the Army’s National Training Center.
A new phishing framework called Starkiller is raising the bar for “phishing-as-a-service” by serving victims the real login pages of major brands through attacker infrastructure, making pages look authentic and stay up to date. By acting as a live reve…
Keygraph has released Shannon, a fully autonomous AI-powered penetration testing tool designed to identify and actively exploit real vulnerabilities in web applications before malicious actors can. Unlike traditional scanners that generate alerts, Shan…