Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) ...
There's a huge hole and no one is patching it thus far. A critical, remote code execution (RCE) bug in Gogs, a popular open-source self-hosted Git service, can be exploited by any authenticated user - ...
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. The popular ...
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The ...
A critical security vulnerability in a Voice over Internet Protocol (VoIP) phone deployed in small and midsized businesses (SMBs), hotels, call centers, and other organizations globally has ...
A new paper gives an insider’s perspective into CISA’s Known Exploited Vulnerability catalog – and also offers a free tool to help security teams use the CISA KEV catalog more effectively. The paper, ...
Instead of hacking themselves, attackers are increasingly deploying a free AI weapon that hacks for them. Twelve autonomous AI agents juggle 150 highly specialized security tools, from reconnaissance ...
A new spear-phishing campaign has emerged against governments and militaries in South Asia, including in Bangladesh, Nepal, Pakistan, and Sri Lanka. Researchers from Acronis have attributed the ...
Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to chain of attacks against a BeyondTrust Remote Support product. Security researchers at Rapid7 on Thursday flagged the discovery ...
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this ...