Organizations deploying artificial intelligence infrastructure face a significant new security challenge following the discovery of a critical vLLM vulnerability that enables remote code execution through maliciously crafted API requests. This memory corruption vulnerability affects one of the most widely used large language model serving platforms and demands immediate attention from security teams managing AI infrastructure security.
Read More
In a sobering reminder of the persistent threats facing modern software development, a sophisticated NPM supply chain attack has successfully compromised multiple critical packages belonging to automation platform Zapier and the Ethereum Name Service (ENS). This incident underscores the urgent need for enhanced software supply chain security measures across enterprise development environments.
Read More
Google has confirmed that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack.
Read More
Artificial intelligence has emerged as the defining force reshaping cybersecurity in 2025, fundamentally transforming both offensive and defensive capabilities at an unprecedented pace. Security leaders now face a paradoxical reality: the same AI technologies revolutionizing threat detection and incident response are simultaneously empowering adversaries with sophisticated attack automation, adaptive malware, and hyper-personalized social engineering campaigns.
Read More
The rapid adoption of artificial intelligence agents in enterprise environments has introduced a fundamentally new category of security vulnerability that transcends traditional attack vectors. Security researchers from AppOmni are warning ServiceNow’s Now Assist generative artificial intelligence (GenAI) platform can be hijacked to turn against the user and other agents.
Read More
Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users. The flaw, tracked as CVE-2025-41115, has received the maximum CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times.
Read More
A critical-severity security vulnerability has been discovered in W3 Total Cache (W3TC), one of WordPress’s most widely deployed performance optimization plugins with over 1 million active installations. The vulnerability, tracked as CVE-2025-9501 with a severity score of 9.0/10 (critical), affects all versions of the plugin before 2.8.13.
Read More
Security researchers at Rapid7 have disclosed two critical authentication bypass vulnerabilities affecting Twonky Server version 8.5.2, a widely deployed DLNA/UPnP media server solution embedded in network-attached storage (NAS) devices, routers, set-top boxes, and residential gateways worldwide. These vulnerabilities enable unauthenticated remote attackers to gain complete administrative access to media server installations without requiring valid credentials or user interaction.
Read More
In today’s cybersecurity landscape, even the most routine online actions can hide devastating threats. A recent Akira ransomware attack demonstrates how a single click on what appeared to be a standard CAPTCHA verification led to a 42-day security nightmare that nearly crippled a global data storage company.
Read More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory regarding a critical vulnerability in Fortinet’s FortiWeb Web Application Firewall platform. Designated as CVE-2025-64446 with active exploitation confirmed in production environments, this security flaw presents an immediate and significant risk to organizations relying on FortiWeb for perimeter defense and application security.
Read More