Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Add as a preferred source on Google
Security

HuggingFace Breached by Autonomous AI Agent Swarm

Hugging Face has confirmed a security breach unlike anything the AI platform has faced before — an intrusion planned and executed end-to-end by an au…

WP2Shell: Critical WordPress Flaw Lets Anyone Run Code

WordPress does not force-push updates onto sites that have opted out of them. Doing so overrides an administrator's explicit choice, and the proj…

Cursor's Unpatched 0-Day Lets a Fake Git Binary Hijack Your Windows PC

A security flaw in Cursor, the AI-powered code editor used by more than 7 million developers, lets attackers run arbitrary code on a victim's Win…

Progress Confirms ShareFile Zero-Day Behind Storage Zone Shutdown, Ships Emergency Patches

Progress Software has confirmed the mystery behind last week's abrupt shutdown of ShareFile Storage Zone Controllers: a high-severity zero-day vu…

Researchers Turn Claude Code and Codex Into Malware Launchers With a Poisoned README

Ask an AI coding agent to review an open-source library for security flaws, and it might just run the malware hiding inside it instead. That's th…

Januscape: New KVM Bug Lets a Malicious Cloud VM Crash Its Own Host

A newly disclosed Linux kernel bug shows the wall separating a cloud tenant's virtual machine from the physical server underneath it isn't as…

15-Year-Old Linux Kernel Bug 'GhostLock' Lets Any Local User Seize Root, Break Out of Containers

A privilege-escalation flaw that has quietly sat inside the Linux kernel since 2011 has finally been exposed — and it hands root access to any unpriv…

Critical Unpatched Flaw in CyberPanel Lets Any User Seize Root on the Server

A newly disclosed zero-day in CyberPanel — one of the most widely deployed open-source hosting control panels — allows any authenticated user, even o…

19-Year-Old Linux Kernel Bug Earns $80K Bounty, Grants Root in Under a Second

A single line of code merged into the Linux kernel back in 2007 sat quietly for nearly two decades before anyone realized it could hand attackers a f…

Root Access for the Taking: 'Bad Epoll' Exploit Code Now Public

A working exploit for a Linux kernel vulnerability that hands any logged-in user a root shell is now sitting in the open, and the flaw it targets is …

One Malicious Link, Full Root Access — Nebula Security Demos the World's First Android 17 Exploit Chain

Clicking an unknown link has always been risky advice, but a new exploit published today makes the danger more visceral than ever. YC-backed security…

CVE-2026-55200 — Critical libssh2 Flaw Enables Zero-Auth RCE

A critical security flaw in libssh2 — the SSH library silently embedded in curl, backup utilities, and IoT firmware worldwide — lets unauthenticated …

Squidbleed: 1997 Squid Proxy Bug Leaks HTTP Credentials

Security researchers have uncovered a nearly three-decade-old vulnerability in Squid Proxy that lets anyone sharing the same proxy silently steal oth…

6 Strategies to Reduce the Risk of Targeted Attacks in a Digital-First World

In a world where nearly every aspect of life is connected to technology, personal and professional security has become more complex than ever. Digita…

BitLocker Bypass GreatXML: Using Defender Offline Scan Against You

If you have ever run Windows Defender's Offline Scan, your BitLocker encryption may already be compromised — before an attacker even logs in. Sec…

Microsoft Defender Zero-Day PoC Gives SYSTEM Access on Fully Patched Windows

A researcher who has turned Microsoft's vulnerability disclosure process into a public battleground has released another working exploit — this t…

ServiceNow API Flaw Exploited for Two Months Before Patch

A single misconfigured checkbox quietly exposed enterprise IT data across multiple ServiceNow customer instances for weeks — and if community reports…

OpenAI's Codex AI Discovers "HTTP/2 Bomb" That Can Crash Major Web Servers in Seconds

An AI model just found a decade-old attack that human security researchers somehow missed — and it works against almost every major web server on the…

An AI Security Tool Dug Up a 2-Year-Old Redis Bug That Lets Attackers Take Over Servers

A flaw that sat undetected in Redis for over two years — silently present in every stable release since version 7.2.0 — has been patched after an AI-…

Researcher Drops PoC for 1-Click GitHub Token Theft via VSCode Bug — Skips MSRC Entirely

Security researcher Ammar Askar has publicly released a fully working proof-of-concept (PoC) exploit that can steal a victim's GitHub OAuth token…