CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

Hackers are abusing unpatched Windows security flaws to hack into organizations

A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit ...

Researchers warn Microsoft Defender vulnerability is already being exploited

A security researcher known as Chaotic Eclipse recently disclosed a vulnerability dubbed "Red Sun" affecting Microsoft ...

GitLab Extends Agentic AI with New Automated Security Remediation, Pipeline Setup, and Delivery Analytics

GitLab 18.11 helps address those gaps with platform-native agents that have access to the code, pipelines, issues, and ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...
PCMag

From a Booking.com Breach to YouTube Phishing: The Internet's Security Problem Just Got Worse This Week

From stolen booking data to credential-harvesting scams, recent incidents show how quickly attackers are evolving while ...

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this ...

Recent advances push Big Tech closer to the Q-Day danger zone

As the joke goes, CRQC has been 10 to 20 years away for the past three decades. While the recent research suggests that ...

Seal Security Launches Mythos Readiness Program to Close the "Silent Patch Gap" Between Fix Commits and CVE Advisories

Research shows 94% of CVE fix commits are pushed publicly before the advisory - a median 11-day window in which attackers can now weaponize a bug in minutes using frontier AI agents. The program ...

Despite Cease-Fire, Iran’s Hackers Haven’t Logged Off

Tehran’s digital warriors have continued to seek ways to gain an advantage in the conflict in a new phase of cyberspace ...

AISLE’s Open Analyzer — Finding and fixing vulnerabilities without gated frontier models

Finding vulnerabilities is something the industry has done well, but remediating them hasn't been. Just look at how many ...

Unpatched Microsoft Defender flaw lets hackers gain admin access

A security researcher has published a working exploit for a Microsoft Defender security flaw that affects Windows 10, 11, and ...