CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
SecurityWeek

Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

ClaudeBleed, a vulnerability in Claude in Chrome, allows malicious extensions to hijack the AI agent for nefarious purposes.
The Hacker News

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...
CSOonline

Threat and Vulnerability Management

XDR is one of security's buzziest acronyms—and for good reason. XDR, which stands for eXtended Detection and Response, promises to provide more timely and accurate threat detection by gathering and ...
Health Affairs

Vulnerable People, Groups, And Populations: Societal View

Vulnerability, the susceptibility to harm, results from an interaction between the resources available to individuals and communities and the life challenges they face. Vulnerability results from ...
SecurityWeek

Critical GitHub Vulnerability Exposed Millions of Repositories

The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server. Researchers at cloud security giant Wiz discovered a critical remote code execution ...
UNESCO

Reporting a Cybersecurity Issue: UNESCO’s Security Vulnerability Disclosure policy

The vulnerability is reported to UNESCO as soon as possible after its discovery. The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was ...