Security

Critical Flaws Exposed in zkLogin: Zero-Knowledge Proofs Can't Fix Broken Authentication

Brave Software researchers have disclosed critical vulnerabilities in zkLogin, a widely-deployed blockchain authentication system used across the Sui…

Hackers Are Now Calling AI to Write Malware On-the-Fly, Google Warns

Nation-state hackers have crossed a troubling threshold: they're now weaponising commercial AI to generate malicious code dynamically during acti…

Credential-Stealing Flaw in Ivanti EPM Lets Hackers Waltz Past Authentication

Ivanti just patched a critical authentication bypass in its Endpoint Manager that hands attackers stored credentials on a silver platter—no login req…

Critical RCE Flaw in Popular Manga Translation Tool Exposes Thousands to Takeover

A critical security vulnerability in manga-image-translator, a widely used open-source OCR tool with over 9,300 GitHub stars, allows attackers to exe…

New Notepad Flaw That Lets Hackers Execute Code via Markdown Files

Microsoft patched a serious security hole in Windows Notepad this week that could allow attackers to remotely execute malicious code on victims' …

5 Best AI AppSec Tools in 2026

Application security did not become harder because organisations lack tools. It became harder because risk no longer lives in one place. Modern appli…

AI Discovers Critical Zero-Click Flaw Threatening 8,500 Enterprise Remote Access Systems

Thousands of organisations running BeyondTrust's remote access tools face immediate risk after an AI security system uncovered a critical pre-aut…

Flickr Data Breach Exposes User Information Through Third-Party Email Provider Vulnerability

Photo-sharing platform Flickr has disclosed a security incident involving unauthorised access to user information through a vulnerability in one of i…

NGINX Servers Exposed: Response Injection Flaw Puts Millions of Web Applications at Risk

A newly disclosed vulnerability in NGINX web servers could allow attackers positioned between servers and upstream systems to manipulate data flowing…

Chinese State Hackers Turned Notepad++'s Own Update System Against Users for Six Months

The popular text editor Notepad++ has confirmed what security researchers feared: Chinese state-sponsored hackers successfully hijacked its update me…

Mass VPS Provider Ransomware Attack Linked to Stolen Credentials from Virtualizor Support Breach

UPDATE (February 3, 2026): Virtualizor has released an official statement clarifying the attack vector. The company confirms there is no …

AI Hacks AI: Security Tool Finds One-Click RCE in OpenClaw Assistant

In a watershed moment for AI security, an autonomous hacking agent has successfully exploited another AI system, exposing a critical vulnerability in…

Windows 11's New Security Feature Had 9 Vulnerabilities: Researcher Details the Flaws

Microsoft's flagship security upgrade for Windows 11 had a close call: a researcher found nine different ways to bypass it during testing. Google…

Critical Unauthenticated RCE Flaw Exposes SolarWinds Web Help Desk to Instant Takeover

Security researchers at Horizon3.ai have uncovered a chain of critical vulnerabilities in SolarWinds Web Help Desk (WHD) that allows unauthenticated …

WinRAR Flaw Becomes Hacker Gold Mine: State Spies and Cybercriminals Still Exploiting Six-Month-Old Bug

Six months after a critical WinRAR vulnerability was patched, hackers from Russia, China, and cybercrime groups continue to exploit it—turning a fixe…

OpenSSL Patches Critical S/MIME Flaw That Could Let Attackers Hijack Encrypted Email

A vulnerability in OpenSSL's email encryption system could allow attackers to crash servers or execute malicious code without authentication cred…

Chinese Hackers Quietly Upgraded Their Favorite Backdoor — Now It's Stealing Browser Passwords Too

A Chinese state-sponsored hacking group has quietly supercharged one of its most reliable cyberespionage tools, transforming it from a simple backdoo…

Hackers Are Actively Exploiting Critical Microsoft Office Flaw—Patch Now or Risk Takeover

Microsoft has scrambled to release an out-of-band security patch for a high-severity zero-day vulnerability in Office that attackers are actively wea…

Chinese Hackers Breached UK Government Phones for Years—Here's What Went Down

A years-long espionage campaign by Chinese state-sponsored hackers penetrated the mobile phones of senior UK government officials, exposing private c…

React Faces Third Wave of Vulnerabilities as Researchers Uncover DoS Flaws in Patched Code

React developers are facing yet another emergency patching cycle after security researchers discovered additional denial-of-service vulnerabilities w…