More results...
A severe security flaw has been discovered in the Ninja Forms File Upload plugin, a widely utilized WordPress add-on that allows website administrators to accept documents, images, and other media from their visitors. Tracked officially as CVE-2026-074…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on Apri…
Google has announced a significant update for its Chrome browser, extending native lazy loading capabilities to audio and video elements. This highly anticipated feature aims to improve web performance, drastically save bandwidth, and offer subtle secu…
Anthropic’s flagship AI coding agent, Claude Code, was recently discovered to contain a critical security flaw that silently bypasses developer-configured safety rules. The vulnerability allows attackers to execute blocked commands, such as data …
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.
The post Fortinet Rushes Emergency Fixes for Exploited Zero-Day appeared first on SecurityWeek.
A newly discovered critical vulnerability in the open-source Dgraph database system leaves servers exposed to complete system takeovers. Tracked as CVE-2026-34976 and carrying a maximum CVSS score of 10.0, this missing authorization flaw allows remote,…
Threat actors associated with North Korea are deploying fake Microsoft Teams domains to conduct social engineering attacks and distribute malware. The threat group, identified as UNC1069, uses convincing meeting lures and compromised communication chan…
Cybersecurity researchers have issued an urgent warning for organizations using Fortinet’s FortiClient Enterprise Management Server (EMS). Over 2,000 instances of this critical administrative tool are currently exposed to the public internet. Thr…
AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems.
Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. Cisco…