JavaScript can reveal which applications and websites a user opens via SSD-timing side channels without requiring system privileges or browser extensions.
SolarWinds Serv-U is vulnerable to unauthenticated DoS attacks through CVE-2026-28318 (CVSS 7.5); CISA reports active exploitation and sets a deadline of June 19, 2026.
Locally deployed open-source language models enable autonomous attack worms when equipped with appropriate agent architectures, independent of paid frontier models.
Ubiquiti UniFi OS contains three maximum-severity vulnerabilities that, when combined, enable unauthenticated remote access and require immediate patching.
Uncontrolled AI usage by employees jeopardizes data security and compliance – network monitoring and clear AI policies are essential for risk mitigation.
An unknown espionage actor exfiltrated the complete email mailbox of a stock exchange executive over five months using disguised malware and cloud services without detection.
Hades is supply-chain malware that infects Python packages with specialized prompt-injection logic to compromise both automated LLM scanners and systems with memory access.