A critical, currently unpatched remote code execution vulnerability (CVE-2026-25874) in HuggingFace’s LeRobot robotics framework allows any...
John
John is an independent cybersecurity researcher covering vulnerabilities, malware campaigns, and emerging threats in the cybersecurity landscape.
Google has released an emergency stable channel update for Chrome desktop, pushing version 147.0.7727.137/138 for Windows and macOS and 147.0.7727.137...
Frappe Framework has disclosed a Stored Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-28436, affecting all versions before...
An emergency security update for Firefox ESR 140.10.1, patching four vulnerabilities, including two rated critical, that could allow...
An urgent security update for the NVIDIA FLARE SDK, addressing three vulnerabilities, including a critical 9.8 CVSS-rated...
A high-severity access control vulnerability (CVSS 8.2) in Cursor AI that allows any installed extension to silently...
Two high-severity vulnerabilities, a zero-click Windows Shell credential theft flaw and a legacy ConnectWise ScreenConnect path traversal...
A critical remote code execution (RCE) vulnerability in GitHub’s internal git infrastructure, CVE-2026-3854 (CVSS: 8.7), that allowed any authenticated...
A high-severity Remote Code Execution (RCE) vulnerability, tracked as CVE-2026-33725, has been disclosed in Metabase Enterprise Edition,...
Moxa, a leading industrial networking and communications manufacturer, has disclosed two serious security vulnerabilities affecting its Secure...