A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public disclosure.

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over ...

A now corrected issue let researchers circumvent Apple’s restrictions and force the on-device LLM to execute attacker-controlled actions.

EngageLab SDK flaw exposed 50M+ Android installs after April 2025 disclosure, risking crypto wallet data until November 2025 ...

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone ...

Threat actors have started exploiting CVE-2026-21643, a critical vulnerability in Fortinet FortiClient EMS leading to remote ...

iPhone users should be on alert: DarkSword spyware has been posted in the wild. Credit: Cheng Xin/Getty Images DarkSword, the web-based hacker tool that can be used to steal data from millions of ...

A hot potato: For more than a decade, the Xbox One stood as a remarkable exception in console security – a machine long considered impervious to hacking attempts. That reputation is now over. At the ...

Qualcomm confirmed that fixes for the GBL exploit were provided to Android device makers earlier this month. The exploit, discovered by Xiaomi ShadowBlade Security Lab, was a key component in ...

A vulnerability in Qualcomm’s Android Bootloader implementation allows unsigned code to run via the “efisp” partition on Android 16 devices. This is paired with a “fastboot” command oversight to ...

A new Qualcomm GBL exploit is reportedly affecting Qualcomm SoCs, mainly the latest Snapdragon 8 Elite Gen 5. This enables bootloader unlocking on flagship phones that were previously difficult to ...

Emily Long is a freelance writer based in Salt Lake City. After graduating from Duke University, she spent several years reporting on the federal workforce for Government Executive, a publication of ...