CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.

Personal AI agents are exploding in popularity, but nearly all of them still route intelligence through cloud APIs. Your "personal" AI continues to depend on someone else's server. At the same time, ...

The real leap in Anthropic's and OpenAI's latest cyber-capable models isn't that they can hack in entirely new ways, but that ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

Axios, a widely used JavaScript library, is affected by a new critical vulnerability that enables attackers to chain exploits ...

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

Spread the loveIn a chilling reminder of the vulnerabilities inherent in open source software, two significant supply chain attacks occurred in March 2026, targeting widely used tools that affect a ...

PORTLAND Ore. (KPTV) - Gov. Tina Kotek held a ceremonial bill signing Thursday morning for a package of immigrant justice laws at the Immigrant and Refugee Community Organization in northeast Portland ...

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...