CISA flags VMware Aria Operations RCE flaw as exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as ...

Zenity Labs Discloses PleaseFix Vulnerability Family in Perplexity Comet and Other Agentic Browsers

Zenity Labs today disclosed PleaseFix, a family of critical vulnerabilities affecting agentic browsers, including Perplexity Comet, that allow attackers to silently hijack AI agents, access local ...
Dark Reading

Qualcomm Zero-Day Exploited in Targeted Android Attacks

The exploitation of CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...
TechSpot

Unwanted AI upgrade to Windows Notepad created a serious security flaw

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...
PC World

WinRAR under attack by state-level hackers, according to Google

PCWorld reports that Google’s Threat Intelligence Group discovered state-sponsored hackers from Russia and China actively exploiting a critical WinRAR vulnerability (CVE-2025-8088). This security flaw ...
The Hacker News

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete ...
Dark Reading

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

The year has barely begun, but 2026 is already in familiar territory for Fortinet customers, as a new vulnerability has come under attack. On Jan. 13, Fortinet disclosed a critical flaw in its ...
TechCrunch

Anthropic’s new Cowork tool offers Claude Code without the code

On Monday, Anthropic announced a new tool called Cowork, designed as a more accessible version of Claude Code. Built into the Claude Desktop app, the new tool lets users designate a specific folder ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...
SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...