CVE-2026-1357 exposes a critical WordPress WPvivid plugin flaw, allowing unauthenticated RCE, enabling attackers to upload PHP files and fully compromise sites. The post CVE-2026-1357: WordPress ...

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.

Security issue impacts Firefox web browser and Thunderbird email client, potentially enabling attackers to execute arbitrary ...

A worrying Google Chrome bug was patched ...

Google released an emergency Chrome update on Friday to patch a zero-day vulnerability that has been exploited in the wild.

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...

Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, ...

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. The open-source ...

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files ...

Flaw abused 'in an extremely sophisticated attack against specific targeted individuals' Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an ...

Fortinet has fixed nine vulnerabilities, including high-severity command execution and authentication bypass flaws.