SecurityWeek

Atlassian, Splunk Patch Critical Vulnerabilities

Atlassian and Splunk have released patches for critical vulnerabilities, including dozens of flaws in third-party ...
techtimes

Ivanti Sentry Actively Exploited: CVSS 10.0 Flaw Backdoors Enterprise Mobile Gateways

Attackers have begun backdooring internet-exposed Ivanti Sentry appliances, the nonprofit security watchdog Shadowserver confirmed on June 11, 2026 — less than 48 hours after patches and a public ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

Google has fixed a critical flaw in its agentic integrated developer environment (IDE) Antigravity that led to sandbox escape and remote code execution (RCE) after researchers created a proof of ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading ...
theregister

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic's official Model Context Protocol (MCP) puts as many as 200,000 servers ...
IEEE

DIAVA: A Traffic-Based Framework for Detection of SQL Injection Attacks and Vulnerability Analysis of Leaked Data

Abstract: SQL injection attack (SQLIA) is among the most common security threats to web-based services that are deployed on cloud. By exploiting web software vulnerabilities, SQL injection attackers ...
SecurityWeek

SAP’s January 2026 Security Updates Patch Critical Vulnerabilities

Enterprise software maker SAP on Tuesday announced the release of 17 new security notes as part of its January 2026 Security Patch Day. Four of the notes address critical-severity vulnerabilities. The ...
Computer Weekly

Fortinet vulnerabilities prompt pre-holiday warnings

Two recently disclosed vulnerabilities discovered in Fortinet’s product portfolio have prompted a pre-holiday warning for defenders after being added to the Known Exploited Vulnerabilities (KEV) ...
Business Wire

Azul Introduces 100 – 1000x More Accurate In-Production Java Vulnerability Detection

SUNNYVALE, Calif.--(BUSINESS WIRE)--Azul, the only company 100% focused on Java, today announced an enhancement to Azul Intelligence Cloud, a breakthrough capability in Azul Vulnerability Detection ...
Security Boulevard

Critical Vulnerabilities and Top CVEs of April 2025

Some vulnerabilities make headlines. Others quietly become someone’s worst day at work. The critical CVEs 2025 that surfaced in April weren’t just technical flaws, they were real entry points. Into ...
The Hacker News

Anatomy of an Attack

To illustrate the complexity and severity of modern application attacks, let's examine an attack against the infamous Log4Shell vulnerability (CVE-2021-44228) that sent shockwaves through the ...