A six-month investigation into AI-assisted development tools has uncovered over thirty security vulnerabilities that allow ...

The actively exploited zero-day bug — and the one therefore that needs high-priority attention — is CVE-2025-62221, which ...

Attacks against CVE-2025-55182, which began almost immediately after public disclosure, have increased as more threat actors ...

The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. Ivanti on Tuesday announced patches for four vulnerabilities in Endpoint Manager ...

Microsoft’s big December 2025 Patch Tuesday fixes 3 zero-day flaws and 57 other vulnerabilities.

Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy ...

The American Hospital Association is advising hospitals and health systems to fix a cybersecurity flaw that received the highest vulnerability score possible. The remote code execution vulnerability ...

Could 2026 be the year of the beautiful back end? We explore the range of options for server-side JavaScript development, ...

Patches are available, and it's critical that admins update servers now.

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, ...

CVE-2025-6218 is a directory traversal remote code execution vulnerability in the popular WinRAR file compression tool that ...

Hackers are targeting the second of two four-year-old vulnerabilities in the open-source supervisory control and data ...