A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and ...

Indirect prompt injection lets attackers bypass LLM supervisor agents by hiding malicious instructions in profile fields and contextual data. Learn how this attack works and how to defend against it.

Palo Alto Networks and SonicWall have released patches for multiple vulnerabilities, including high-severity flaws.

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...

Cisco has handed security teams one of the largest ever patching workloads affecting its firewall products, including fixes for two ‘perfect 10’ vulnerabilities in the company’s Secure Firewall ...

Researchers have detected attacks that compromised Bomgar appliances, many of which have reached end of life, creating problems for enterprises seeking to patch. Researchers warn that a critical ...

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The ...

Enterprise software maker SAP on Tuesday announced the release of 17 new security notes as part of its January 2026 Security Patch Day. Four of the notes address critical-severity vulnerabilities. The ...

There’s a well-worn pattern in the development of AI chatbots. Researchers discover a vulnerability and exploit it to do something bad. The platform introduces a guardrail that stops the attack from ...

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...