Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...

Microsoft's Patch Tuesday update for December is here, and Windows users should ensure their machines are updated as soon as possible to fix three zero-day vulnerabilities. These are security flaws ...

Microsoft concluded 2025 with a massive security update that cybersecurity teams cannot ignore. Released yesterday (Dec. 9) as cumulative update KB5072033, this security patch addresses 57 ...

The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. Ivanti on Tuesday announced patches for four vulnerabilities in Endpoint Manager ...

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...

Critical Remote Code Execution Vulnerabilities Impact Major AI Inference Engines Due to Unsafe ZeroMQ and Python Pickle Usage The root cause, as detailed by Oligo Security researcher Avi Lumelsky in a ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...

The November 2025 Android patches resolve two vulnerabilities, both in the platform’s System component. Google on Monday announced a fresh set of security updates for the Android platform, to address ...

A set of previously unknown flaws in Windows Graphics Device Interface (GDI) that could enable remote code execution and information disclosure has been revealed after Microsoft released fixes. These ...

Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active ...