SpeechRuntime is a legitimate Windows component that supports Microsoft’s speech-related capabilities, including voice input and speech recognition features used across modern Windows experie…

Wirebrowser is a CDP-based runtime instrumentation platform for the browser. Think Frida, but for JavaScript running in Chrome — without monkeypatching.

We tested Opus 4.6 against 435 known vulnerable C functions from real CVEs. With good prompting and tools, it found up to 28.5% of vulnerabilities — impressive compared to human review, but with high false positive rates and inconsistency that underline the…

Ilan Kalendarov, Security Research Team Lead Ben Zamir, Security Researcher Elad Beber, Security Researcher  Cymulate Research Labs uncovered a range of vulnerability classes across multiple different AI tools that allow attackers to bypass trust boundaries…

CVE-2026-34197 is an ActiveMQ RCE flaw exploiting Jolokia to execute remote commands. Learn how it works, affected versions, and detection steps.

Strengthen your server defenses with our comprehensive cis hardening linux guide. Follow these professional steps to secure your systems against all threats.

We found a vulnerability in a 49,000-star project that lets an attacker trick your AI agent into reading SSH keys, .env files, and database passwords. The fix is merged — but the pattern exists in hundreds of other MCP servers.

CVE-2026-34980 + CVE-2026-34990: two CUPS vulnerabilities, discovered by an autonomous LLM pipeline, chainable from unaut'd remote print job to root file (over)write.

Tolgee's XML translation importers ship with zero security config. Upload a crafted file, read anything from the server. Confirmed on their cloud platform.

Explore Brandefense’s Ransomware Trends Report Q4 2025 with sector-based insights, top ransomware groups, exploited CVEs, and global attack patterns.

How the PhishU Framework simulates Microsoft Entra device code phishing with silent token capture, live notifications, and Token Explorer follow-on actions.

Anthropic's Project Glasswing uses Claude Mythos Preview to find thousands of zero-day exploits, and I have firsthand proof their models are better than people think.

A new initiative to secure the world’s most critical software and give defenders a durable advantage in the coming AI-driven era of cybersecurity.

To follow the previous article "Fraud & Application Security: Ignoring each other is costing your business!",

Business logic flaws, not SQL injection, are where the real money disappears!

Traditional penetration testing, SAST and scanners catch technical…

A security practitioner’s breakdown of Anthropic’s Mythos claims — what’s real, what’s overstated, and what actually matters