Security researchers have discovered critical privilege escalation vulnerabilities in Google’s Vertex AI platform that allow attackers with minimal permissions to hijack high-privileged Service Agent accounts.…
Security researchers have uncovered two critical cross-site scripting (XSS) vulnerabilities in Meta’s Conversions API Gateway that could enable attackers to hijack Facebook accounts on a…
Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. Security researchers recently demonstrated this vulnerability by exploiting…
Microsoft’s latest security update for Windows 11 has triggered an unexpected problem affecting enterprise users: PCs equipped with Secure Launch are unable to shut down…
The Go development team has released Go versions 1.25.6 and 1.24.12, addressing six critical security vulnerabilities that could enable denial-of-service attacks, arbitrary code execution, and…
UAT-8837, a China-nexus advanced persistent threat (APT) actor, is conducting sustained campaigns against critical infrastructure sectors across North America. The group, assessed with medium confidence…
The National Security Agency has published the first two products in its Zero Trust Implementation Guidelines series, offering organizations practical recommendations for adopting Zero Trust security models. …
Cisco has confirmed an ongoing cyberattack campaign targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances, in which threat actors are executing arbitrary…
Google has initiated a gradual rollout of a highly requested feature that allows users to change their primary Google Account email address from one @gmail.com address to another. The…
Cymulate Research Labs discovered a high-severity authentication bypass vulnerability in Microsoft Windows Admin Centre’s Azure AD Single Sign-On implementation that enables attackers with local administrator…
A newly reported supply chain attack targeting the Amazon Web Services (AWS) management console has raised alarms across the developer community. Cybersecurity researchers have discovered…
Security researchers at Google Project Zero have disclosed a complete zero-click exploit chain affecting Google Pixel 9 smartphones, chaining vulnerabilities in the Dolby audio decoder…
