A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...

You can infect your PC with malware without ever leaving Notepad, thanks to recent updates and additions. Hooray.

Microsoft fixes a critical Notepad vulnerability in Windows 11 that could allow remote code execution via malicious Markdown files. Here are the details ...

Google released a Chrome security update patching three high-severity vulnerabilities, including memory flaws that could ...

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

CERT-In has issued a high-severity alert for Google Chrome desktop users, warning of a vulnerability that could allow remote ...

Google has released an emergency update to patch an actively exploited zero-day—the first Chrome zero-day of the year.

Four newly disclosed critical CVEs could allow attackers to create privileged accounts and execute arbitrary code, and they reinforce SolarWinds’ status as a high-value target.

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Microsoft patches 59 vulnerabilities, including six actively exploited zero-days, with CISA mandating urgent federal remediation.