Vulnerabilities

Google Patches Critical CVSS 10 Gemini CLI CI RCE Flaw as Cursor Vulnerabilities Enable Code Execution

Google has resolved a critical security issue with a maximum severity rating that impacted its Gemini CLI ecosystem, a flaw that could have enabled attackers to execute unauthorized commands on affected systems. According to a report published by Novee Security, the vulnerability allowed attackers without privileges to inject malicious configurations into Gemini CLI environments. This manipulation […]

Google Patches Critical CVSS 10 Gemini CLI CI RCE Flaw as Cursor Vulnerabilities Enable Code Execution Read More »

LiteLLM CVE-2026-42208 SQL Injection Vulnerability Exploited Within 36 Hours of Disclosure

A critical security flaw in the LiteLLM Python package has been rapidly exploited by threat actors shortly after its public disclosure, highlighting the growing speed at which attackers weaponize newly revealed vulnerabilities. The issue, tracked as CVE-2026-42208 with a severity score of 9.3, affects LiteLLM, an open-source AI gateway developed by BerriAI. Nature of the Vulnerability

LiteLLM CVE-2026-42208 SQL Injection Vulnerability Exploited Within 36 Hours of Disclosure Read More »

Researchers Uncover Critical GitHub CVE-2026-3854 RCE Vulnerability Exploitable Through a Single Git Push

Security researchers have revealed a high-impact vulnerability affecting GitHub that could enable attackers to execute arbitrary code using nothing more than a single git push command. Tracked as CVE-2026-3854, the flaw carries a CVSS score of 8.7 and impacts both GitHub.com and GitHub Enterprise Server environments. Nature of the Vulnerability The issue is classified as a command injection flaw.

Researchers Uncover Critical GitHub CVE-2026-3854 RCE Vulnerability Exploitable Through a Single Git Push Read More »

Critical Unpatched Vulnerability Exposes Hugging Face LeRobot to Unauthenticated Remote Code Execution

A serious security vulnerability has been identified in LeRobot, an open-source robotics platform developed by Hugging Face, potentially allowing attackers to execute arbitrary code without authentication. Tracked as CVE-2026-25874, the flaw carries a high severity rating of 9.3 and raises significant concerns for organizations using AI-driven robotics systems. Root Cause of the Vulnerability The issue

Critical Unpatched Vulnerability Exposes Hugging Face LeRobot to Unauthenticated Remote Code Execution Read More »

Microsoft Fixes Entra ID Role Vulnerability That Allowed Service Principal Takeover

Microsoft has addressed a critical security weakness in its Entra ID platform that could have allowed attackers to gain control over service principals and escalate privileges within enterprise environments. The issue, uncovered by cybersecurity firm Silverfort, involved a built-in administrative role designed for managing artificial intelligence driven identities. Understanding the Role and the Risk The vulnerability

Microsoft Fixes Entra ID Role Vulnerability That Allowed Service Principal Takeover Read More »

Microsoft Confirms Active Exploitation of Windows Shell Vulnerability CVE-2026-32202

Microsoft has officially updated its security advisory to confirm that a recently patched vulnerability in Windows Shell has been actively exploited in real-world attacks. The flaw, identified as CVE-2026-32202, highlights ongoing risks within Windows environments despite recent security updates. Details of the Vulnerability The issue, assigned a CVSS score of 4.3, is categorized as a

Microsoft Confirms Active Exploitation of Windows Shell Vulnerability CVE-2026-32202 Read More »

PhantomCore Leverages TrueConf Vulnerabilities to Compromise Russian Networks

A pro Ukrainian hacktivist group known as PhantomCore has been linked to a series of cyberattacks targeting servers running TrueConf video conferencing software across Russia since September 2025. Security researchers report that the campaign involves a carefully built exploitation chain that allows remote command execution and deep network infiltration. Exploitation of TrueConf Security Flaws According

PhantomCore Leverages TrueConf Vulnerabilities to Compromise Russian Networks Read More »

Apple Patches iOS Vulnerability That Allowed FBI to Recover Deleted Signal Messages

Apple has released important security updates to fix a flaw in its iOS and iPadOS systems that could allow previously deleted notifications, including messages from Signal, to remain stored on devices. Vulnerability Details The issue, identified as CVE-2026-28950, was linked to how notification data was handled internally. Instead of being fully removed, certain notifications marked for deletion were

Apple Patches iOS Vulnerability That Allowed FBI to Recover Deleted Signal Messages Read More »

Microsoft Releases Security Updates Fixing SharePoint Zero-Day and 168 Additional Vulnerabilities

Microsoft has released its latest Patch Tuesday security updates, addressing a total of 169 vulnerabilities across its software ecosystem. Among these is a zero-day vulnerability in SharePoint Server that is currently being exploited in real-world attacks. Breakdown of Vulnerabilities Out of the 169 identified flaws: A large portion of these issues, around 93 vulnerabilities, are related to privilege escalation. Other

Microsoft Releases Security Updates Fixing SharePoint Zero-Day and 168 Additional Vulnerabilities Read More »

Anthropic’s Claude Mythos Uncovers Thousands of Zero-Day Vulnerabilities Across Major Systems

Artificial intelligence company Anthropic has introduced a new cybersecurity initiative called Project Glasswing, powered by an advanced preview model known as Claude Mythos. The program aims to strengthen global software security by identifying and fixing critical vulnerabilities before they can be exploited. The initiative will involve collaboration with major technology and security organizations, including Amazon

Anthropic’s Claude Mythos Uncovers Thousands of Zero-Day Vulnerabilities Across Major Systems Read More »