Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Critical-severity CVE-2026-42897 could lead to remote code execution, and hackers are already taking advantage.

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Hackers are already exploiting a cross-site scripting flaw in Microsoft Exchange Server, leaving organisations running ...

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

Microsoft has revealed a new threat affecting Microsoft Exchange Servers, a zero-day vulnerability that is reportedly being ...

Massive scale attack The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...

Microsoft warns of a new zero-day vulnerability that leaves Exchange open to hackers.