The widely used open-source library has been patched to defend against a heap buffer overflow flaw that’s been in the code since its inception.
Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs ...
API keys and credentials. Agents operate inside authorized permissions where firewalls can't see. Traditional security models ...
Two old-fashioned software vulnerabilities in a hot artificial intelligence (AI) framework could have allowed attackers to take over users' cloud environments. Not every vulnerability affecting AI ...
Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments. They can only be fixed by ...
OpenClaw jumped from 1,000 to 21,000 exposed deployments in a week. Here's how to evaluate it in Cloudflare's Moltworker sandbox for $10/month — without touching your corporate network.
Worm-driven TeamPCP campaign exploits Docker, Kubernetes, Redis, Ray, and React2Shell to build proxy infrastructure for data theft and ransomware.
Meanwhile, IP-stealing 'distillation attacks' on the rise. A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot, Gemini, ...
There were some changes to the recently updated OWASP Top 10 list, including the addition of supply chain risks. But old ...
Hackers are targeting global shipping technology to steal cargo worth millions. New cybersecurity threats expose supply chain vulnerabilities worldwide.
From small publishers to US federal agencies, websites are reporting unusual spikes in automated traffic linked to IP addresses in Lanzhou, China.
As infrastructure hardens under new resilience rules, attackers are pivoting to the one asset that can’t be patched: people ...