The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE ...

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.

Practical DevSecOps launches the Certified Security Champion course to help orgs bridge the talent gap by upskilling ...

Rupantar study reveals Bangladesh’s online extremist network, led by AQIS, has expanded into mainstream social media, ...

Darktrace researchers say hackers used AI and LLMs to create malware to exploit the React2Shell vulnerability to mine ...

Security researchers detected artificial intelligence-generated malware exploiting the React2Shell vulnerability, allowing ...

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...

An authenticated attacker (using the account created in step 1) can execute arbitrary OS commands as root via crafted HTTP requests. By combining these two vulnerabilities, an attacker can go from ...

Abstract: Link Flooding Attacks (LFA) exploit network topology knowledge to disrupt connectivity by targeting critical links and nodes. Existing defenses often presuppose an attacker with complete ...

Remember the WinRAR path handling exploit we reported on back in August? According to Google, that same flaw, officially dubbed CVE-2025-8088, is still being actively exploited, even though versions ...