Which Came First: The System Prompt, or the RCE?
During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude...
vulnerabilities
QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025
QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025 Pierluigi Paganini March 23, 2026 QNAP fixed four vulnerabilities shown at...
Security Architecture for Hybrid Work: Enterprise Guide
According to Gallup, more than half (52%) of U.S. employers now follow a hybrid working model. For enterprises, there...
Dormant Accounts Leave Manufacturing Orgs Open to Attack
Workers who have been laid off or fired from their jobs often complain mightily that companies treat them like...
CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution
CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, according to the CNA Delta Electronics COMMGR2 contains an...
U.S. CISA adds Microsoft SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Microsoft SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 18, 2026 U.S....
Rethinking Cyber Awareness: From Blame to Belonging
Every year, as Cybersecurity Awareness Month arrives, organizations dust off their campaigns, roll out phishing tests, and remind employees...
U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 16, 2026...
U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 13, 2026 U.S. Cybersecurity and...
Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly
Everyone knows that one person on the team who’s inexplicably lucky, the one who stumbles upon a random vulnerability...
Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Ravie LakshmananMar 13, 2026Linux / Vulnerability Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that...
When Proxies Become the Attack Vectors in Web Architectures
Many Reverse proxy attack vectors expose a flawed assumption in modern web architectures that backends can blindly trust security-critical...
U.S. CISA adds a flaw in n8n to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in n8n to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 12, 2026 The U.S....
Navigating 2026’s Converged Threats: Insights from Flashpoint’s Global Threat Intelligence Report
Blogs Blog In this post, we preview the critical findings of the 2026 Global Threat Intelligence Report, highlighting how...
Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that...