A threat actor built an exploit for a critical-severity vulnerability in Marimo and started using it in attacks roughly nine hours after the bug’s public disclosure, cloud security firm Sysdig reports. Marimo is an open source reactive notebook for Python… Read More "Critical Marimo Flaw Exploited Hours After Public Disclosure"
A researcher has come across what appears to be an actively exploited Adobe Reader zero-day vulnerability. Haifei Li is asking the cybersecurity community for assistance in investigating what he describes as a sophisticated PDF exploit. Li is a reputable researcher… Read More "Adobe Reader Zero-Day Exploited for Months: Researcher"
A critical-severity vulnerability in the File Uploads addon for the Ninja Forms WordPress plugin could allow threat actors to take over vulnerable deployments, cybersecurity firm Defiant warns. Defiant says the affected addon is used by roughly 50,000 websites, and the… Read More "Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover"
Threat actors have started to exploit a critical vulnerability in Flowise that allows them to execute arbitrary code remotely, VulnCheck warns. Flowise is an open source development platform that allows users to build customized LLM flows and autonomous agents using… Read More "Critical Flowise Vulnerability in Attacker Crosshairs"
Chinese hackers have exploited a zero-day vulnerability in the TrueConf video conferencing software in attacks against government entities in Asia, Check Point reports. The exploited bug, tracked as CVE-2026-3502 (CVSS score of 7.8), exists because the application does not properly… Read More "TrueConf Zero-Day Exploited in Asian Government Attacks"
Apple is rolling out iOS and iPadOS updates for older devices to protect them against the recently disclosed DarkSword exploit kit. A few weeks after the Coruna exploit kit came to light, iVerify, Google, and Lookout warned of another dangerous… Read More "Apple Rolls Out DarkSword Exploit Protection to More Devices"
Google has announced a Chrome 146 update that patches 21 vulnerabilities, including a zero-day that has been exploited in the wild. According to an advisory from Google, the latest browser update fixes 19 high-severity and 2 medium-severity issues. The exploited… Read More "Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome"
