Coverage
Vulnerabilities
748 articles on vulnerability disclosures and exploits
CVE-2024-21390: EngageLab SDK Vulnerability Risks Android Crypto Wallets
Microsoft reveals a vulnerability in the EngageLab SDK affecting millions of Android crypto wallet users, potentially allowing for private key theft.

EngageLab SDK Vulnerability: Protecting Crypto Wallets from Sandbox Bypass
A flaw in EngageLab SDK exposed 50 million Android users to data theft. Learn how attackers bypass the Android sandbox to access private cryptocurrency keys.

Legacy Apache RCE and Hybrid P2P Botnet Resurgence Analysis
Exploration of a resurrected 13-year-old Apache RCE and the operational shifts of a hybrid P2P botnet architecture targeting enterprise infrastructure.

Palo Alto Networks & SonicWall High-Severity Privilege Escalation Patches
Palo Alto Networks and SonicWall have issued patches for high-severity vulnerabilities allowing privilege escalation to administrator. Immediate patching is advised.

Exposed Google API Keys in Android Apps Grant Gemini Access
Analysis of Google API keys found in Android apps that enable unauthorized access to Gemini AI endpoints, detailing risks and mitigation for developers.

Adobe Reader Zero-Day Exploited via Malicious PDF Documents
Researchers reveal a sophisticated Adobe Reader zero-day exploit used in the wild since late 2025, involving malicious PDF invoices to compromise systems.

CVE-2026-1340: Ivanti EPMM Code Injection — Patch Now
CISA adds CVE-2026-1340, a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its KEV Catalog due to active exploitation. Immediate

AI-Led Remediation Crisis: HackerOne Halts Bug Bounties
HackerOne pauses bug bounties due to an AI-driven remediation crisis, highlighting how automated vulnerability discovery overwhelms open-source project capacity to fix

Apache ActiveMQ Classic RCE via Jolokia API: Patch Now
An unauthenticated Remote Code Execution flaw, present for 13 years, impacts Apache ActiveMQ Classic, allowing full system compromise. Immediate patching is critical.

OpenSSL: Data Leakage & DoS Vulnerabilities Patched
OpenSSL patches seven vulnerabilities, including a data leakage flaw and multiple denial-of-service risks. Update immediately to secure cryptographic communications.

Ninja Forms RCE via Arbitrary File Upload: Mitigation Guide
Hackers are actively exploiting a critical Ninja Forms vulnerability to upload arbitrary files and achieve RCE. Learn how to secure your WordPress site now.

Claude Mythos Identifies Thousands of Zero-Day Flaws in Major Systems
Anthropic's Project Glasswing uses the Claude Mythos AI model to uncover thousands of zero-day vulnerabilities across infrastructure from AWS, Google, and Cisco.