AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Fortinet’s FortiClient endpoint management software, meant to harden corporate and government machines, instead exposed them ...

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels.

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...

Its inclusion in the US CISA catalog of known exploited vulnerabilities is a warning to admins that patching is needed now.

A flaw in Meta's AI-powered Instagram recovery tool allowed attackers to hijack accounts by redirecting password reset links, ...

Picture this: you paste a link into ChatGPT and ask for a summary. The model obliges, returning a clean, confident breakdown ...

Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

US cyber authorities have added a critical Drupal Core SQL injection flaw to their exploited-vulnerabilities list after attacks began targeting unpatched websites using PostgreSQL databases, ...

India's software supply chain security challenge is deepening as AI expands the attack surface while many enterprises lack detection and protection tools.

Microsoft delivered fixes for issues affecting everything from Windows to Office, .NET, and SQL Server, and several patches that should be deployed ASAP.