From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.
Zast.AI has raised $6 million in funding to secure code through AI agents that identify and validate software vulnerabilities ...
Ivanti has patched a dozen vulnerabilities in Endpoint Manager, including a new high-severity bug leading to credential exposure.
Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively ...
Also today, SAP released 27 new and updated security notes, including two that address critical-severity vulnerabilities.
QSM lets users create quizzes, surveys, and forms without coding, and more than 40,000 websites actively use it, but it was recently discovered that versions 10.3.1 and older were vulnerable to an SQL ...
A popular WordPress quiz plugin can be abused to mount SQL injection attacks ...
Attackers could even have used one vulnerable Lookout user to gain access to other Google Cloud tenants' environments.
More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries.
The Model Context Protocol (MCP) has quickly become the open protocol that enables AI agents to connect securely to external tools, databases, and business systems. But this convenience comes with ...
The exponential growth of data in relational (SQL) and non-relational (NoSQL) databases has led to an increase in injection attacks, ranking them among the top cybersecurity threats. This study ...
January 2026 was a wake-up month for enterprise security teams. In a single week, CERT-In released three high-severity advisories exposing critical flaws across SAP, Microsoft, and Atlassian, the very ...