CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws
CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks
Vulnerability Disclosure
20 articles
Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability
A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System ...
Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Conta...
Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco IOS XR Software could allow an authenticated, local attacker to execute commands as root on an underlying operating system ...
Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthentica...
Six mistakes in ERC-4337 smart accounts
Account abstraction transforms fixed “private key can do anything” models into programmable systems that enable batching, recovery and spending limits, and f...
Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials, Google Cloud Finds
Google Cloud report details a sharp rise in attackers exploiting software vulnerabilities, including React2Shell
Coruna Exploit Kit Targets Older iPhones in Multi-Stage Campaigns
Exploit kit "Coruna" targets iPhones running iOS 13.0 to 17.
Zero-Click FreeScout Bug Enables Remote Code Execution
Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction
Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows
The OpenID Foundation warns that fragmented policies on posthumous digital accounts could open the door for fraudsters to exploit AI deepfakes
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Introduction Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (re...
ClawJacked Bug Enables Covert AI Agent Hijacking
Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent
UK Vulnerability Monitoring Service Cuts Unresolved Security Flaws by 75%
The UK government says its new Vulnerability Monitoring Service has cut unresolved security flaws by 75% and reduced cyber-attack fix times from nearly two m...
ZDI-26-123: Docker Desktop MCP Server Cleartext Storage of Sensitive Information Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Docker Desktop. An attacker must first obtain the ab...
Threat and Vulnerability Management in 2026
Understand the future of threat and vulnerability management (TVM). Learn what TVM is, why traditional tools fail, and how intelligence is essential in today...
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the res...
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...
Lack of isolation in agentic browsers resurfaces old vulnerabilities
With browser-embedded AI agents, we’re essentially starting the security journey over again. We exploited a lack of isolation mechanisms in multiple agentic ...
Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yiel...