Author: Robbie

HIGH Vulnerabilities

Quest NetVault Backup XSS Flaw Enables Authentication Bypass

A cross-site scripting vulnerability in Quest NetVault Backup's viewclient webpage allows remote attackers to bypass authentication and, chained with other flaws, execute…

by Robbie · 8 hours ago
HIGH Vulnerabilities

ATEN Unizon Flaw Allows Remote Code Execution via Broken Signature Check

A cryptographic signature verification failure in ATEN Unizon lets authenticated remote attackers execute arbitrary code as SYSTEM. A patch is available.

by Robbie · 8 hours ago
CRITICAL Vulnerabilities

Oracle PeopleSoft SSRF Flaw Requires No Auth, Scores 9.3 CVSS

A server-side request forgery vulnerability in Oracle PeopleSoft's HttpListeningConnector can be exploited by unauthenticated remote attackers and chained with other bugs to…

by Robbie · 8 hours ago
MEDIUM Vulnerabilities

X.Org Server Use-After-Free Flaw Leaks Sensitive Data to Local Attackers

A use-after-free vulnerability in X.Org Server's screen saver handling allows local attackers to read sensitive memory, with potential for privilege escalation to…

by Robbie · 8 hours ago
MEDIUM AI Security

Google Integrates Computer Use Directly into Gemini 3.5 Flash

Google DeepMind has built computer use natively into Gemini 3.5 Flash, enabling agents to interact with browser, mobile, and desktop environments while…

by Robbie · 9 hours ago
HIGH Research

Hijacked npm and Go Packages Deploy Python Infostealer via VS Code Tasks

Researchers have identified two compromised npm packages and a cluster of malicious Go packages that abuse Visual Studio Code task mechanisms to…

by Robbie · 10 hours ago
CRITICAL Vulnerabilities

Critical libssh2 Flaw Gets Public PoC, Clients at Risk of Code Execution

A proof-of-concept exploit is now public for CVE-2026-55200, a critical memory corruption bug in libssh2 that allows a malicious SSH server to…

by Robbie · 10 hours ago
MEDIUM AI Security

OpenAI Launches GPT-5.6 Sol as Its Most Advanced Cybersecurity Model

OpenAI has unveiled a limited preview of GPT-5.6 Sol, a flagship model designed for high-intensity security reasoning tasks, with access initially restricted…

by Robbie · 12 hours ago
HIGH AI Security

OpenAI and Anthropic Submit New AI Models to Trump Administration Review

Both companies are restricting access to their newest and most capable AI models to government-approved customers while federal officials assess cybersecurity risks.…

by Robbie · 12 hours ago
HIGH Vulnerabilities

DirtyClone Linux Kernel Flaw Enables Root Access via Socket Buffer Corruption

JFrog has released technical details and a proof-of-concept for DirtyClone, a high-severity Linux kernel privilege escalation vulnerability that extends a broader family…

by Robbie · 12 hours ago
HIGH Research

236,000 DCloud Uni-App Sites Fueling Crypto Scams and Phishing Campaigns

Infoblox researchers have identified over 236,000 websites built on a legitimate Chinese open-source framework that are being weaponized for investment scams, pig-butchering…

by Robbie · 12 hours ago
Research

Ukraine to Convert $8.3M in Seized Crypto Into War Bonds

Ukrainian authorities have placed cryptocurrency seized from an international cybercrime group under state management, with plans to convert the funds into government…

by Robbie · 12 hours ago