The Citizen Lab, a security laboratory at the University of Toronto, has revealed the existence of a zero-click, zero-day iPhone exploit chain called BLASTPASS. It is also said to have been used to ...

Security company Binarly has announced an exploit called LogoFAIL that attacks 24 vulnerabilities found in UEFI related to booting devices running Windows or Linux. The 'Logo' in LogoFAIL comes from ...

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.

The attacks, which unfolded over several days starting in late February, involved the bot opening crafted pull requests that ...

Claude Code would execute hidden code from untrusted projects before any user confirmation, Check Point reports.

In brief: Security researchers have uncovered a wide-ranging set of vulnerabilities in Apple's AirPlay protocol that could allow attackers to hijack Apple and third-party devices remotely without user ...

The Howyar UEFI Application “Reloader” (32-bit and 64-bit), distributed as part of SysReturn prior to version 10.2.02320240919, is vulnerable to the execution of arbitrary software from a hard-coded ...

Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software.

Attackers are actively targeting a critical flaw in a popular Python-based Web app for building AI agents and workflows to unleash a powerful botnet that can cause full system compromise, distributed ...

Attackers are already actively exploiting two vulnerabilities for which Microsoft issued patches on Nov. 12 as part of its monthly security update. And they could soon begin targeting two other ...