flaw

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

AndyC 30 April 2026

Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub...

Vendor News

Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch

AndyC 30 April 2026

Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for unpatched...

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

AndyC 25 April 2026

A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation...

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

AndyC 17 April 2026

Ravie LakshmananApr 17, 2026Vulnerability / Enterprise Security A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active...

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

AndyC 16 April 2026

Ravie LakshmananApr 15, 2026Web Security / Vulnerability A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management...

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

AndyC 11 April 2026

Image: ChatGPT A critical Android software development kit (SDK) flaw has turned a utility tool into a malware bridge, gaining...

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

AndyC 8 April 2026

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution Pierluigi Paganini April 07, 2026 Attackers are exploiting a critical...

U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog

AndyC 8 April 2026

U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog Pierluigi Paganini April 07, 2026...

Hacking

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

AndyC 7 April 2026

Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings...

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

AndyC 7 April 2026

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed Pierluigi Paganini April 06, 2026 Over 14,000 F5...

Security Blogs

flaw

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog

U.S. CISA adds a flaw in Google Dawn to its Known Exploited Vulnerabilities catalog

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

The calm before the ransom: What you see is not all there is

The calm before the ransom: What you see is not all there is

GopherWhisper: A burrow full of malware

GopherWhisper: A burrow full of malware

New NGate variant hides in a trojanized NFC payment app

New NGate variant hides in a trojanized NFC payment app

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not

Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not

Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not

Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not

Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed