A design choice in the MCP SDKs allows remote code execution across the AI supply chain.

QNAP has released several security advisories today, one of them for a critical security issue that allows remote execution of arbitrary commands on vulnerable QVR systems, the company's video ...

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused. Taiwan networking provider Zyxel has released ...

Two Composer flaws (CVE-2026-40176, CVE-2026-40261) allow command execution via Perforce configurations, prompting urgent ...

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...

Progress has released patches for multiple remote code execution and OS command injection flaws in MOVEit WAF and LoadMaster.

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...

Cisco Systems released security patches for Secure Access Control Server (Secure ACS) for Windows to address a critical vulnerability that could allow unauthenticated attackers to remotely execute ...

Since April 3, CISA has published warnings about seven known exploited vulnerabilities, adding them to the Known Exploited Vulnerabilities Catalog, ordering federal agencies to remediate the ...