vulnerability

Researchers discovered a Google Gemini vulnerability that allowed malicious WhatsApp, Slack, and SMS notifications to manipulate the AI assistant and trigger unauthorized actions on Android devices.

A vulnerability in Instagram's Meta AI-powered account recovery system allegedly allowed attackers to obtain password reset codes and hijack high-value accounts by bypassing identity verification checks.

CERT-In has issued new guidelines requiring organizations to patch critical internet-facing vulnerabilities within 12 hours, warning that AI-powered cyberattacks are drastically reducing exploitation timeframes and increasing cyber risk.

A newly disclosed Linux kernel vulnerability, CVE-2026-46333, allows attackers to steal SSH private keys and gain root access through a local privilege escalation flaw affecting Linux systems for nearly nine years.

A critical PAN-OS vulnerability (CVE-2026-0300) in the User-ID Captive Portal allows unauthenticated remote code execution with root privileges. Limited exploitation has been linked to state-sponsored activity involving log tampering, Active Directory enumeration, and deployment of tunneling tools like EarthWorm and ReverseSocks5.

Google patches CVE-2026-0073, a critical Android zero-click flaw enabling remote shell access without user interaction. Update devices immediately.

Microsoft patches CVE-2026-32202, a Windows zero-click flaw exploited by APT28 hackers to bypass Defender SmartScreen and steal authentication hashes.

A critical flaw in Anthropic MCP exposes millions to RCE attacks, risking full system takeover, data theft, and AI infrastructure compromise.

A new cybersecurity threat, dubbed CosmicSting, is wreaking havoc on Adobe Commerce and Magento stores. Exploiting a critical vulnerability (CVE-2024-34102), attackers are using remote code execution to infiltrate e-commerce platforms, steal sensitive data, and compromise entire systems.