Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M installs.

Users could be tricked into running arbitrary code, but the issue was patched last week.

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT ...

Notepad++ improves security mechanisms and closes a new vulnerability that allows attackers to execute malicious code.

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could enable account takeover and RCE via malicious model URLs and Functions API ...

Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, ...

Company’s first product, virtual code-hardening engineer pixeebot, is already in use at companies like DeltaStream, AGI Technology Partners and Nimi SAN FRANCISCO--(BUSINESS WIRE)--Pixee, creator of ...

Microsoft has released its August 2025 Patch package, a cumulative set of updates addressing more than 100 vulnerabilities across a host of its products. Microsoft’s SharePoint Server Remote Code ...

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...