ThreatsDay Bulletin covers AI abuse, poisoned packages, phishing, macOS attacks, SD-WAN flaws, scams, and supply-chain ...

Thousands of WordPress sites running the Kali Forms plugin are exposed to attackers who can execute arbitrary code on web servers without ever logging in. The flaw, tracked as CVE-2026-3584, carries a ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...

Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages. The researchers detail their findings in a preprint ...

An MCP (Model Context Protocol) server that allows running Claude Code in one-shot mode, with bypassed permissions by default and optional native Claude Code permission modes. Did you notice that ...

You want to add two-factor authentication to your app? Check out Laragear TwoFactor. Passkeys, hence WebAuthn, consists in two ceremonies: attestation, and assertion. Attestation is the process of ...

CVE-2025-12735 in expr-eval allows remote code execution via unsafe input evaluation Vulnerable versions ≤2.0.2; patched in 2.0.3 and forked in expr-eval-fork 3.0.0 Developers should sanitize ...

This is the first article in a two-part series where we show how to build your own anti-bot system to protect a login endpoint, without relying on third-party services. Many bot detection solutions, ...

A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing's strategic interests. ...

The Keep Aware threat research team recently observed a phishing incident that involved leveraging legitimate infrastructure, precision email validation, and evasive delivery techniques. This attack ...

Vibe coding is an emerging AI-assisted programming approach where users describe their software requirements in natural language, and a large language model (LLM) generates the corresponding code.