A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code…
The Google Threat Intelligence Group (GTIG) warns that nation-state actors and financially motivated threat actors are exploiting a flaw in…
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk…
The ZAP (Zed Attack Proxy) project, a widely used open-source web application security scanner, has disclosed a critical memory leak…
A new longitudinal study of Magecart-style eSkimming attacks overturns the assumption that discovery equals recovery. Instead of being a one-time…
State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that’s been fixed over half a year…
Researchers discovered 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens, giving attackers access…
Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber…
The Emirates Nuclear Energy Company (ENEC), the Technology Innovation Institute (TII) and Aspire have launched a joint proof-of-concept (PoC) project…
By Itamar Apelblat, CEO & Co-Founder, Token Security For decades, compliance frameworks were built on an assumption that now feels…
A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client software, affecting versions prior…
Cal.com, an open-source scheduling platform and developer-friendly alternative to Calendly, recently patched a set of critical vulnerabilities that exposed user…