Attackers have begun backdooring internet-exposed Ivanti Sentry appliances, the nonprofit security watchdog Shadowserver confirmed on June 11, 2026 — less than 48 hours after patches and a public ...

The latest flare-up in the debate over AI-assisted coding did not come from a new model release or a benchmark result. It came from a single ...

GreatXML, a new Windows BitLocker bypass exploit, targets a zero-day vulnerability in Microsoft Defender’s offline scan.

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.

Piling on guardrails is the sign of a system permanently compensating for its own unreliability. There’s a better approach.

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself ...

Calif researchers used Anthropic’s Mythos Preview to chain two bugs and techniques into a macOS kernel exploit on Apple M5 The exploit bypassed Apple’s new Memory Integrity Enforcement, achieving root ...

The Echo Protocol hack revealed DeFi’s growing operational security crisis after attackers minted $76.7M fake eBTC using a stolen admin key.

A logic inversion bug was recently found in Linux, caused by a single stray character.

The CERT Division is a leader in cybersecurity. We partner with government, industry, law enforcement, and academia to improve the security and resilience of computer systems and networks. We study ...