A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise ...

A critical remote code execution flaw in GitHub was patched by Microsoft in roughly two hours after public disclosure, ...

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal — and don't — about agent runtime protection.

Security researchers at JFrog worked with biotechnology company 23andMe to address a vulnerability with Yamale, a tool written by the company and used by over 200 repositories. The smartest companies ...

MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.

A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. A newly disclosed vulnerability in GitLab Duo ...

Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. It paves the way for code execution and other cyberattacks on targeted endpoints. The ...

Cisco has released almost two dozen security updates. They close several high-risk flaws, for example in Unity Connection.

The FTP server ProFTPD includes a module called mod_sql. It contains an SQL injection vulnerability that can ultimately lead to the execution of injected code.

Cisco has fixed a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems. Tracked as CVE-2024-20469, the security flaw was found ...