A vulnerability patched a few months ago in the Ghost content management system (CMS) has been exploited to hack hundreds of websites, including ones belonging to major organizations, according to Chinese cybersecurity company Qianxin. The exploited vulnerability is tracked as… Read More "Ghost CMS Vulnerability Exploited to Hack Over 700 Websites"
Anthropic says its Claude Mythos model discovered thousands of severe vulnerabilities across more than 1,000 open source software (OSS) projects. According to the AI giant, Mythos Preview has identified more than 23,000 potential vulnerabilities. Of these, 1,900 have been reviewed… Read More "Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects"
Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Dubbed Underminr, the issue is a variant of domain fronting, a now-mitigated type of attack that enabled threat actors to place… Read More "‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains"
TrendAI, Trend Micro’s enterprise business, has informed customers that it has patched another Apex One vulnerability that has been exploited in the wild. The zero-day, tracked as CVE-2026-34926, is a medium-severity directory traversal issue that can be exploited by an… Read More "TrendAI Patches Apex One Zero-Day Exploited in the Wild"
The number of Chrome vulnerabilities discovered by Google has surged over the past month, likely driven by the company’s use of AI. Chrome security advisories published by Google in late March and early April mentioned a handful of vulnerabilities “reported… Read More "Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI"
Cisco on Wednesday announced patches for a critical-severity vulnerability in Secure Workload that could allow attackers to access site resources with Site Admin privileges. The flaw, tracked as CVE-2026-20223 (CVSS score of 10/10), exists due to insufficient validation and authentication… Read More "Cisco Patches Critical Vulnerability in Secure Workload"
Drupal has patched a highly critical vulnerability that could allow threat actors to hack websites powered by the open source content management system (CMS). The developers of the CMS had alerted users prior to the patch’s release that an exploit… Read More "Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking"
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The global interconnectivity of business, and the systems and software it uses, has elevated the supply chain and supply chain… Read More "Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility"
A cybersecurity researcher says Anthropic has silently patched a vulnerability that would have allowed an attacker to bypass the Claude Code network sandbox, potentially enabling data exfiltration. Claude Code’s network sandbox funnels all outbound traffic through a local allowlist proxy,… Read More "Anthropic Silently Patches Claude Code Sandbox Bypass"
Proof-of-concept (PoC) code is now available for another Linux kernel vulnerability that could allow attackers to elevate their privileges to root. Dubbed DirtyDecrypt (aka DirtyCBC), the exploit comes from the V12 security team, which discovered it earlier this month, after… Read More "PoC Released for DirtyDecrypt Linux Kernel Vulnerability"
