5 Best AI AppSec Tools in 2026
Application security did not become harder because organisations lack tools. It became harder because risk no longer lives in one place. Modern appli…
Security
AI Discovers Critical Zero-Click Flaw Threatening 8,500 Enterprise Remote Access Systems
Thousands of organisations running BeyondTrust's remote access tools face immediate risk after an AI security system uncovered a critical pre-aut…
Flickr Data Breach Exposes User Information Through Third-Party Email Provider Vulnerability
Photo-sharing platform Flickr has disclosed a security incident involving unauthorised access to user information through a vulnerability in one of i…
NGINX Servers Exposed: Response Injection Flaw Puts Millions of Web Applications at Risk
A newly disclosed vulnerability in NGINX web servers could allow attackers positioned between servers and upstream systems to manipulate data flowing…
Chinese State Hackers Turned Notepad++'s Own Update System Against Users for Six Months
The popular text editor Notepad++ has confirmed what security researchers feared: Chinese state-sponsored hackers successfully hijacked its update me…
Mass VPS Provider Ransomware Attack Linked to Stolen Credentials from Virtualizor Support Breach
UPDATE (February 3, 2026): Virtualizor has released an official statement clarifying the attack vector. The company confirms there is no …
AI Hacks AI: Security Tool Finds One-Click RCE in OpenClaw Assistant
In a watershed moment for AI security, an autonomous hacking agent has successfully exploited another AI system, exposing a critical vulnerability in…
Windows 11's New Security Feature Had 9 Vulnerabilities: Researcher Details the Flaws
Microsoft's flagship security upgrade for Windows 11 had a close call: a researcher found nine different ways to bypass it during testing. Google…
Critical Unauthenticated RCE Flaw Exposes SolarWinds Web Help Desk to Instant Takeover
Security researchers at Horizon3.ai have uncovered a chain of critical vulnerabilities in SolarWinds Web Help Desk (WHD) that allows unauthenticated …
WinRAR Flaw Becomes Hacker Gold Mine: State Spies and Cybercriminals Still Exploiting Six-Month-Old Bug
Six months after a critical WinRAR vulnerability was patched, hackers from Russia, China, and cybercrime groups continue to exploit it—turning a fixe…
OpenSSL Patches Critical S/MIME Flaw That Could Let Attackers Hijack Encrypted Email
A vulnerability in OpenSSL's email encryption system could allow attackers to crash servers or execute malicious code without authentication cred…
Chinese Hackers Quietly Upgraded Their Favorite Backdoor — Now It's Stealing Browser Passwords Too
A Chinese state-sponsored hacking group has quietly supercharged one of its most reliable cyberespionage tools, transforming it from a simple backdoo…
Hackers Are Actively Exploiting Critical Microsoft Office Flaw—Patch Now or Risk Takeover
Microsoft has scrambled to release an out-of-band security patch for a high-severity zero-day vulnerability in Office that attackers are actively wea…
Chinese Hackers Breached UK Government Phones for Years—Here's What Went Down
A years-long espionage campaign by Chinese state-sponsored hackers penetrated the mobile phones of senior UK government officials, exposing private c…
React Faces Third Wave of Vulnerabilities as Researchers Uncover DoS Flaws in Patched Code
React developers are facing yet another emergency patching cycle after security researchers discovered additional denial-of-service vulnerabilities w…
Your Netflix-Insta Password Was Probably Stolen — Along With 149 Million Others
A staggering 96GB database containing 149 million unique login credentials sat exposed on the internet for weeks, accessible to anyone with a web bro…
Cloudflare's Certificate Path Let Attackers Sidestep Web Application Firewalls for Months
A seemingly innocuous certificate validation path became a hidden gateway past Cloudflare's Web Application Firewall (WAF), security researchers …
AMD CPUs Expose Critical Flaw: StackWarp Attack Breaks Security on Cloud Servers
A newly disclosed hardware vulnerability in AMD processors threatens the foundation of confidential computing, allowing attackers to hijack secure vi…
Two Missing Characters Nearly Compromised Every AWS Account Worldwide
Security researchers at Wiz have exposed a hair-raising vulnerability that could have given attackers complete control over the AWS JavaScript SDK—th…
Node.js Patches Critical Flaws That Could Expose Secrets from Uninitialized Memory
Node.js developers need to patch immediately. The project released emergency updates across all active versions (20.x through 25.x) on Tuesday, addre…