The results of our soon-to-be-published Advanced Cloud Firewall (ACFW) test are hard to ignore. Some vendors are failing badly at the basics like SQL injection, command injection, Server-Side Request ...

Critical remote code execution and database theft flaws highlight patching gaps and the hidden risk inside business ...

QSM lets users create quizzes, surveys, and forms without coding, with more than 40,000 websites actively using it - but recently, it was discovered versions 10.3.1 and older were vulnerable to an SQL ...

A popular WordPress quiz plugin can be abused to mount SQL injection attacks ...

Two vulnerabilities can be exploited to fully compromise instances of the Google Looker business intelligence platform.

Attackers could even have used one vulnerable Lookout user to gain access to other Google Cloud tenants' environments.

CISA warns that a fresh critical-severity SolarWinds vulnerability leading to unauthenticated RCE has been exploited in attacks.

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries.

SportAdmin, a Swedish software supplier to sports clubs, has been fined €565,000 for failing to provide an appropriate level ...

January 2026 was a wake-up month for enterprise security teams. In a single week, CERT-In released three high-severity ...

Microsoft has patched 112 vulnerabilities in January 2026, including CVE-2026-20805, a Desktop Window Manager zero-day that ...

F5's Guardrails blocks prompts that attempt jailbreaks or injection attacks, and its AI Red Team automates vulnerability discovery in AI systems.