Vulnerabilities in Anthropic MCP server could be exploited via prompt injections to execute arbitrary code and read/delete arbitrary files.

JFrog this week published an analysis of a vulnerability in Redis databases that may be more serious than initially thought following the discovery of a ...

Among them is a zero-day vulnerability in Desktop Window Manager (DWM) designated as CVE-2026-20805 (CVSS score: 5.5), which ...

Trend Micro has patched a critical-severity vulnerability in Apex Central (on-premise) which allowed threat actors to run ...

Google made another change to the JavaScript SEO documentation help document to explain and clarify JavaScript execution on non-200 HTTP status codes. The change. Google wrote, “All pages with a 200 ...

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately. A maximum severity remote code execution vulnerability in Hewlett Packard ...

Enterprises relying on Gladinet’s file-sharing services are faced with another round of zero-day patching, this time to block attackers from abusing cryptographic keys directly baked into its ...

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. As Microsoft ...

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...

Cross-Site Scripting (XSS) is often underestimated as a minor vulnerability. In reality, XSS can open the door to more severe attacks when combined with other vulnerabilities. This post is the second ...

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems before a fix in version 20.0.0. A critical remote-code execution (RCE) flaw ...