A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...
Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...
CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
The Salt Project has issued a secondary fix for a command injection vulnerability after the first attempt to patch the issue partially failed. The vulnerability, tracked as CVE-2020-28243, impacts ...
Kaspersky’s Global Research and Analysis Team identified a command injection vulnerability (CVE-2026-3102) in ExifTool, a free, open-source tool used worldwide to read and edit metadata in images, ...
Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. Threat actors can exploit a security ...
A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...
A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...