Security

Microsoft's AI Just Found 16 Windows Vulnerabilities Humans Missed — And It's Only Getting Started

For decades, finding dangerous bugs buried deep inside Windows has been a job for elite human researchers armed with time and hard-won instinct. Toda…

Exim Mail Server Has a Critical Unauthenticated RCE — And an AI Helped Build the Exploit

A critical security vulnerability in Exim — the mail server software running on roughly half of all internet-facing email servers — allows a remote a…

Hackers Used AI to Build a Real Zero-Day Exploit — And Almost Deployed It at Scale

For the first time, researchers have confirmed that a criminal threat actor used artificial intelligence to discover and weaponize a zero-day vulnera…

TanStack Packages Hit by Sophisticated Supply Chain Attack

A self-propagating worm has torn through the TanStack JavaScript ecosystem, publishing 84 malicious versions across 42 widely used npm packages in a …

JDownloader Website Hacked — Malicious Installers Served to Windows and Linux Users

JDownloader, one of the most widely used free download managers with millions of users across Windows, macOS, and Linux, had its official website com…

React and Next.js Hit With 12 Security Flaws — Three Let Attackers Bypass Auth, Hijack Servers

Vercel and the React team have fixed 13 vulnerabilities affecting Next.js and React Server Components, with three high-severity flaws drawing the mos…

Dirty Frag — No Patch, No Warning — Root Access on Every Major Linux Distro

Discovered by Korean security researcher Hyunwoo Kim, Dirty Frag chains two separate kernel vulnerabilities to hand any local user a root shell on vi…

Ubuntu's X Account Appears Hijacked to Push Fake "Numbat" Solana AI Agent Crypto Scam

Ubuntu users and open-source enthusiasts should be on high alert: a sophisticated impersonation campaign is exploiting Ubuntu's branding — and po…

Palo Alto PAN-OS Zero-Day Under Active Attack — No Patch Available Yet

Attackers are already exploiting a critical zero-day vulnerability in Palo Alto Networks' PAN-OS, the operating system powering the company's…

Apache HTTP Server's HTTP/2 Module Has a Memory Bug That Can Crash or Compromise Your Server

A memory management flaw buried inside Apache HTTP Server's HTTP/2 module is giving attackers two options: crash your web server with a two-frame…

WhatsApp Quietly Fixed Two Flaws That Could Make Malware Look Like a PDF

If you use WhatsApp on Windows, here is something worth knowing: until recently, an attacker could send you what looked like a harmless document — a …

A 21-Year-Old PHP Vulnerability That Opens the Door to Remote Code Execution

A security vulnerability that has been hiding inside PHP since 2005 — quietly surviving two decades of audits, engine rewrites, and dozens of related…

Lightning PyPI Package Compromised in Supply Chain Attack

If you're building, training, or shipping AI models with PyTorch Lightning, check your installed version immediately — two freshly published rele…

CVE-2026-41940: cPanel Authentication Bypass Was Already Being Exploited Before the Patch Even Dropped

On April 28, 2026, cPanel pushed an emergency security update for what it described as a vulnerability affecting "various authentication paths…

SAP CAP npm Packages Backdoored in "Mini Shai-Hulud" Attack — Rotate Your Tokens Now

Four npm packages at the heart of SAP's enterprise development ecosystem were quietly backdoored on Tuesday, April 29, 2026 — weaponizing the rou…

A Single Git Push Was All It Took to Compromise GitHub — Millions of Repos Were Exposed

A critical vulnerability in GitHub's internal infrastructure allowed any authenticated user to execute arbitrary commands on GitHub's backend…

Hackers Targeted LiteLLM's AI Gateway Just 36 Hours After Critical SQL Injection Flaw Went Public

A critical, unauthenticated SQL injection vulnerability in LiteLLM — the open-source gateway that tens of thousands of organisations use to manage AP…

LAPSUS$ Dumps Checkmarx Data on Dark Web — Source Code, API Keys, and Credentials Exposed

The Checkmarx supply chain nightmare just got worse. The LAPSUS$ cybercrime group has publicly dumped data stolen from the Israeli application securi…

AI Agent Wiped a Startup's Entire Database in 9 Seconds — Then Confessed Every Rule It Broke

When Jer Crane sat down to run a routine infrastructure task on a Friday afternoon, he had no idea he was about to spend the entire weekend manually …

Vercel Hacked: Breach Is Bigger Than First Disclosed — Customer Data Stolen Before the Attack Even Started

What began as a contained supply chain incident has quietly expanded into something far more serious. Vercel has updated its April 2026 security bull…