A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under ...

Hackers exploited a vulnerability in PTC Windchill in the wild, marking the first confirmed real-world abuse of the PLM ...

F5 fixes CVE-2026-42530 and CVE-2026-42055 in NGINX Open Source, addressing HTTP/3 and HTTP/2 flaws that could allow remote ...

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. The flaw was reported on ...

PixelSmash is a vulnerability in the FFmpeg framework that can be exploited via crafted media files for remote code execution ...

Actively exploited CVE-2026-5027 lets attackers write files to arbitrary locations on vulnerable Langflow servers, creating a path to remote code execution and full system compromise.

Microsoft disrupted StegoAd, a malicious browser extension campaign affecting up to 2.6 million users. StegoAd used hidden payloads, delayed execution and steganography to evade browser security ...