3 Articles Today
150 This Month
6 Categories
150 Total Articles

Latest News

New U-Boot flaws could enable stealthy firmware attacks Malware Bleeping Computer
Bleeping Computer Jul 11, 2026 1 min read

New U-Boot flaws could enable stealthy firmware attacks

Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. [...]

'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets Research Bleeping Computer
Bleeping Computer Jul 11, 2026 1 min read

'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets

A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write every secret into the code as a list of numbers. [...]

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions Vulnerabilities The Hacker News
The Hacker News Jul 11, 2026 1 min read

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier. "The

Summer of Clearinghouses Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

Summer of Clearinghouses

Everyone seems to have announced a clearinghouse over the past few weeks. We did too. Ours is called Athena, and the main thing that sets it apart is that it was already real and running when we announced it β€” built quietly months earlier, heads down, taking findings and shipping fixes, because customers kept asking us to. We only announced it now because everyone else started announcing theirs,

Felons, Fraudsters Flog Offensive Cybersecurity Startup Vulnerabilities Krebs on Security
Krebs on Security Jul 10, 2026 6 min read

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher SΓ©bastien FΓ©ry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed packets: about 260 bytes of ordinary QPACK traffic takes the server

Showing 1–10 of 149 articles
1 2 3 ... 15 Next