Contributors: Sandeep Kamble, BugDazz Autonomous Pentest AI, Rabit0 ModelPublication Date: March 19, 2026Severity Rating: Critical (CVSS Score: 8.8)Vulnerability Status: Zero-day at...

Walkthrough of the discovery of an authenticated SQL injection in Kanboard version <= 1.2.50 tracked as CVE-2026-33058

The Model Context Protocol connects AI agents to enterprise tools — but it ships without authentication, authorization, or audit trails. With 7,000+ exposed servers and a growing list of CVEs, MCP has become the blind spot in your zero-trust perimeter. Here's…

Contributors: Sandeep Kamble, BugDazz Autonomous Pentest AI, Rabit0 ModelPublication Date: March 19, 2026Severity Rating: High (CVSS Score: 8.6)Vulnerability Status: Zero-day at time of discovery...

Discover how the tech community uses VPNs, Ageless Linux, and self-hosted AI to bypass invasive OS age verification laws in California and Brazil

PSpice is a SPICE circuit simulator from Cadence Design Systems that encrypts proprietary semiconductor model files to protect vendor IP and prevent reuse in third-party SPICE simulators. The encryption scheme is proprietary and undocumented.

The AISLE analyzer discovered a high-severity vulnerability that enables SQL injection in OpenSIPS, a pillar of global communications used by over ...

Foreword

Documentation for APM — a professional-grade, zero-knowledge CLI password manager.

WordPress plugin "Profile Builder Pro" (versions before 3.14.5) is susceptible to Unauthenticated PHP Object Injection. In this blog post, we discuss how we discovered and exploited the vulnerability using a novel POP chain, how AI helped in the process,…

Three more bypasses in Roundcube's HTML sanitizer: SMIL animation attributes load remote resources, unquoted body backgrounds enable CSS injection, and position:fixed !important enables phishing overlays.

CVE-2026-33155 - 40 Bytes to Chaos - Read the latest insights from Periphery on securing AI hardware, embedded systems, and critical infrastructure.

Learn how to use nono learn, policy, and profile commands to build production-ready sandbox profiles for AI agents like Claude Code.

Runtime AI security across network, host, and application layers. 1,000+ threat signatures with 100% local processing — zero data leaves your environment.

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability.

In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than…

Free, offline-first GRC engine. Generate gap analysis for ISO 27001, NIST CSF 2.0, and CIS v8 instantly.

Posted by Consistent-Ruin1868 - 0 votes and 1 comment

Eight outlets reported signs of LLM-assisted code in the DarkSword iOS exploit kit. None wrote the standalone analysis. This is that piece. A deep dive into Lookout's findings, prior art, and what it means for mobile threat landscape.

A high-severity configuration loading order defect (`CVE-2026-33068`, CVSS v4.0 7.7 HIGH) in Anthropic's Claude Code CLI tool allows a malicious repository to bypass the workspace trust confirmation dialog.

Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.