Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...

This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell. It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181. [+] ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...

A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, ...

Remember the WinRAR path handling exploit we reported on back in August? According to Google, that same flaw, officially dubbed CVE-2025-8088, is still being actively exploited, even though versions ...

If you are using WinRAR you definitely want to update to version 7.13. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to ...

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious ...

Microsoft has released patches for CVE-2026-21509, a newly disclosed Office zero-day vulnerability that can be exploited to bypass security features. The tech giant’s advisory for CVE-2026-21509 ...