Anthropic Silently Patches Claude Code Sandbox Bypass
The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Cl...
Vulnerability Disclosure
20 articles
Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed
As frontier AI models collapse the traditional exploit window, Tenable Hexa AI transforms the security operating model from manual triage to agentic orchestr...
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours.
ArmorCode gives security teams AI workers for exposure and remediation
ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operati...
Exploit released for new PinTheft Arch Linux root escalation flaw
PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attacker...
Why some security fixes never reach your vulnerability dashboard
On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
Verizon DBIR finds 31% of data breaches began with software flaws last year
New NGINX Vulnerability Exposes Servers to Malicious Code Execution
NGINX has disclosed a new high‑severity vulnerability in its JavaScript module that can allow remote attackers to crash servers and, in specific conditions, ...
CVE Lite CLI: Open-source dependency vulnerability scanner
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, contin...
PoC Exploit Released for DirtyDecrypt Linux Kernel Vulnerability
PoC exploit code for the DirtyDecrypt (DirtyCBC) Linux kernel vulnerability has been released publicly, turning a previously theoretical local privilege esca...
Hackers Exploit MSHTA to Deploy LummaStealer and Amatera Malware
Hackers are increasingly abusing the legacy Microsoft HTML Application Host (MSHTA) utility to deliver commodity malware such as LummaStealer and Amatera. De...
Max-severity flaw in ChromaDB for AI apps allows server hijacking
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed s...
Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation
Drupal says attackers may develop an exploit for the vulnerability within hours or days. The post Drupal to Patch Highly Critical Vulnerability at Risk of Qu...
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
Microsoft's total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly...
Edera and Minimus partner for end-to-end container security
The partnership addresses the growing threat of AI-powered vulnerability discovery, which is accelerating the pace at which adversaries can exploit open-sour...
Unpatched ChromaDB Vulnerability Can Lead to Server Takeover
The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information. The post Unpatched ChromaDB ...
AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
AI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design software
Kieback & Peter DDC Building Controllers
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. The following versions of Ki...
Siemens RUGGEDCOM APE1808 Devices
View CSAF Summary A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software al...
ZKTeco CCTV Cameras
View CSAF Summary Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials. The ...