A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. Identified as ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

Security firm DepthFirst has reportedly detected multiple vulnerabilities in the source code of the web server software 'NGINX' after feeding it into their analysis system, including four memory ...

An LLM-powered system found 4 security bugs, including a critical one in the web server’s URL rewrite module. Researchers have found a critical vulnerability in the widely used Nginx web server that ...

Three separate vulnerabilities impact Cisco’s identity services. All have been patched. Severe vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC ...

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...