Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow ...

Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at ...

Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the ...

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain ...

Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was ...

OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and ...

On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique ...

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for ...

Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply ...

Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of ...