Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published
Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...]
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild
Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild. Google released emergency updates to address a new Chrome zero-day vulnerability, tracked as CVE-2026-11645, that has been exploited in the wild. This flaw is the fifth Chrome zero-day that is being exploited in […]
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution
Skia graphics lib and V8 JavaScript engine brings browser's tally of actively exploited bugs to three in 2026 Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before the patches landed.…
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches. Applying this at scale by scanning 5 million applications revealed over
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk
The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. [...]
A maximum-severity vulnerability affecting the React JavaScript library is under attack by Chinese-nexus actors, further stressing the need to patch now.
Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.…
A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. [...]
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild