Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published
Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild. Google released emergency updates to address a new Chrome zero-day vulnerability, tracked as CVE-2026-11645, that has been exploited in the wild. This flaw is the fifth Chrome zero-day that is being exploited in […]
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript
The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. [...]
Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.…
A vulnerability in the 'node-forge' package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. [...]
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. [...]
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions
Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild
Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild
Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild