Coverage
Vulnerabilities
11 articles on vulnerability disclosures and exploits
Cryptographic Flaws in Password Manager Zero-Knowledge Architectures
Technical analysis of Bitwarden, Dashlane, and LastPass reveals server-side attack vectors that bypass zero-knowledge encryption through account recovery and group sharing mechanisms.
Exploitation of SVG-Based XSS in RoundCube Webmail Instances
Technical analysis of a cross-site scripting (XSS) vulnerability in RoundCube Webmail triggered by improper sanitization of SVG animate elements.
Exploitation of Roundcube Webmail Cross-Site Scripting Vulnerabilities
CISA has added two Roundcube Webmail vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation of legacy flaws in webmail infrastructure.
Microsoft February 2026 Security Update: Analysis of Six Actively Exploited Zero-Days
Microsoft's latest security release addresses 50+ vulnerabilities, including six zero-day exploits targeting Windows kernel components and browser engines.
Logic Flaws and Data Exfiltration in Autonomous AI Agent Architectures
Technical analysis of guardrail bypasses in LLM-integrated agents, highlighting the transition from conversational models to autonomous actors with privileged access.
Automated Reconnaissance Targeting React2Shell Implementations
Analysis of a specialized toolkit currently utilized by threat actors to identify and exploit React2Shell vulnerabilities within enterprise network perimeters.
Unauthenticated Root RCE in Grandstream IP Phones
A critical vulnerability tracked as CVE-2026-2329 allows unauthenticated remote code execution with root privileges on Grandstream VoIP endpoints.
Automated Exploitation Analysis: AI-Assisted Breach of FortiGate Infrastructure
Amazon threat intelligence identifies a high-velocity campaign leveraging LLM automation to compromise over 600 FortiGate firewalls across 55 countries in a five-week period.
CISA Catalogs Critical Roundcube Deserialization Vulnerability Under Active Exploitation
CISA has added CVE-2025-49113 to the Known Exploited Vulnerabilities catalog, addressing a critical RCE flaw in Roundcube webmail software resulting from untrusted data deserialization.
Anthropic Claude Code Security: Automated Static Analysis and Remediation Preview
Anthropic has introduced Claude Code Security, a research-preview tool designed to perform static analysis for vulnerability detection and automated patch generation across enterprise codebases.
Critical Zero-Day in Linux Kernel Exposes Millions of Servers
A newly discovered zero-day vulnerability in the Linux kernel's netfilter subsystem allows local privilege escalation on systems running kernel versions 5.14 through 6.6. Patches are available upstream.