Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to...
Vulnerability Disclosure
20 articles
ChatGPT data leakage vulnerability discovered and patched
Researchers at Check Point discovered that a single malicious prompt could exploit a hidden outbound channel within ChatGPT's code execution runtime.
Wordfence Bug Bounty Program Monthly Report – February 2026
Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers work...
VRP 2025 Year in Review
Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team 2025 marked a special year in the history of vulnerability rewards and bug bo...
CrewAI Vulnerabilities Expose Devices to Hacking
Attackers can exploit the bugs through prompt injection, chaining them together to escape the sandbox and execute arbitrary code. The post CrewAI Vulnerabili...
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to...
ChatGPT Security Issue Enabled Data Theft via Single Prompt
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins
The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests. The post Exploitation of Crit...
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs
Remotely exploitable, the integer underflow vulnerability impacts StrongSwan releases spanning 15 years. The post StrongSwan Flaw Allows Unauthenticated Atta...
CISA orders feds to patch actively exploited Citrix flaw by Thursday
The U.S.
Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise
Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens. The post Critical Vulnerability in OpenAI Codex A...
ChatGPT Vulnerability Enabled Silent Leakage of Prompts and Sensitive Information
Artificial intelligence assistants increasingly handle our most sensitive data, operating under the assumption that enclosed environments keep this informati...
Notepad++ v8.9.3 Released With Fixes for cURL Security Flaw and Crash Bugs
Notepad++ rolled out version 8.9.
OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens
OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names using hidden Unicode command injection flaw.
F5 BIG-IP APM DoS bug exploited as an RCE, added to CISA list
Flaw upgraded to an actively exploited RCE, experts advise teams to patch right away.
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to ne...
Optimizing Risk Discovery and Remediation with Qualys Gateway Service (QGS)
Unpatched vulnerabilities remain one of the largest drivers of cyber risk, accounting for nearly 60% of cyber compromises. Modern security programs are there...
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
More than 447K compromised by Lloyds IT glitch
Major UK retail and commercial financial services provider had information from over 447,000 customers using its mobile banking apps inadvertently exposed by...
Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
The state-sponsored group’s campaign has targeted government, higher education, financial, and legal entities, as well as think tanks. The post Russian APT S...