February 2026 Patch Tuesday restricts Windows credential autofill to fix a Windows Hello input injection flaw (CVE-2026-20804 ...

CISA confirms active exploitation of CVE-2024-43468 in Microsoft Configuration Manager and urges immediate patching.

CVE-2026-21525 is a denial-of-service vulnerability affecting the Windows Remote Access Connection Manager. “Exploitation is local, requires no privileges, and does not rely on user interaction,” ...

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond ...

CISA warns of a new SmarterTools SmarterMail vulnerability exploited by ransomware groups for unauthenticated RCE.

Researchers have detected attacks that compromised Bomgar appliances, many of which have reached end of life, creating problems for enterprises seeking to patch.

Anthropic's Opus 4.6 system card breaks out prompt injection attack success rates by surface, attempt count, and safeguard ...

Fluent Forms Contact Form Builder is one of the most popular contact forms for WordPress, with over 300,000 installations. Its drag-and-drop interface makes creating custom contact forms easy so that ...

Cisco has fixed a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems. Tracked as CVE-2024-20469, the security flaw was found ...

The emergence of generative artificial intelligence services has produced a steady increase in what is typically referred to as “prompt injection” hacks, manipulating large language models through ...

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through ...

For more than a decade, injection vulnerabilities have literally topped the charts of critically dangerous software flaws, deemed more serious than all other types of vulnerabilities in the 2010, 2013 ...