More results...
A critical local privilege escalation (LPE) vulnerability, identified as CVE-2026-20817, has been publicly documented following the release of a proof-of-concept (PoC) exploit. Discovered in the Windows Error Reporting (WER) service, the flaw allows an…
A critical vulnerability was recently discovered in the DuckDuckGo browser for Android, exposing users to Universal Cross-Site Scripting (UXSS) attacks. This flaw, found in the browser’s AutoConsent JS bridge, allows malicious code from an untrus…
A critical command injection vulnerability, identified as CVE-2026-27728, has been discovered in OneUptime, a platform for monitoring and managing online services. This flaw allows authenticated users to execute arbitrary operating system commands on t…
A critical vulnerability has been discovered in Langflow, a popular low-code tool used for building applications with Large Language Models (LLMs). The flaw, tracked as CVE-2026-27966, resides in the software’s CSV Agent node and could allow mali…
An international law enforcement operation named Project Compass has launched a major offensive against “The Com,” a dangerous transnational virtual network (TVN). The operation, which began in January 2025, has successfully led to the arre…
A critical vulnerability has been discovered in Angular Server-Side Rendering (SSR) that could allow attackers to perform Server-Side Request Forgery (SSRF) and Header Injection attacks. Tracked as CVE-2026-27739, this flaw enables unauthorized server-…
A severe infrastructure incident in the Middle East has triggered a massive Amazon Web Services (AWS) outage, disrupting critical cloud operations across the region. The event, which aggressively impacted the ME-CENTRAL-1 (United Arab Emirates) and ME-…
A popular Iranian prayer timing application, BadeSaba Calendar, was hacked to deliver anti-government push notifications to millions of users. This cyber incident occurred early Saturday morning, coinciding with joint U.S. and Israeli military strikes …
OpenClaw, a highly popular open-source AI personal assistant with over 100,000 GitHub stars, recently faced a critical security flaw. This AI tool, which autonomously manages developer workflows across laptops, messaging apps, and dev tools, was found …
Threat actors are executing sophisticated phishing campaigns that impersonate Zoom and Google Meet to silently deploy Teramind onto Windows devices. While Teramind is a legitimate enterprise endpoint monitoring product, scammers are abusing its stealth…