FFmpeg fixes PixelSmash flaw in widely used video decoder

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
latesthackingnews.com

usbliter8 Exploit Achieves Code Execution in Apple’s Unpatchable SecureROM

Paradigm Shift has published a working exploit for Apple's A12 and A13 SecureROM. The flaw is in hardware, so no patch will ...
Dark Reading

In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw

The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified ...
CSO Online

Hackers exploit critical PTC Windchill PLM software flaw

The popular product lifecycle management platform is under active exploitation for an RCE vulnerability that could put ...
Network World

Attackers exploit Cisco Unified CM flaw weeks after patch release

New activity targets CVE‑2026‑20230, an SSRF bug that can allow unauthenticated file writes and potential root‑level access ...

Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being ...

New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available

Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with ...
The Hacker News

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Paradigm Shift’s usbliter8 exploit targets Apple A12 and A13 SecureROM via USB DFU mode, creating an unpatchable hardware ...
Microsoft

Beyond the benchmark: Advancing security at AI speed

Read how Microsoft Security has advanced its agentic vulnerability detection system, codename MDASH, integrating into ...
Security Boulevard

CISA Sets Urgent Deadline to Fix Cisco Flaw Exploited in Attacks

What happened CISA added a Cisco Unified Communications Manager Server vulnerability to its Known Exploited Vulnerabilities catalog after the flaw was observed being exploited in attacks. The ...
CSO Online

Langflow RCE under active attack months after a patch was shipped

Actively exploited CVE-2026-5027 lets attackers write files to arbitrary locations on vulnerable Langflow servers, creating a path to remote code execution and full system compromise.