Sometimes you search endlessly and find nothing. Other times, the gold just drops into your lap. This is a story about how we accidentally found a pretty impactful vulnerability.

Vibecoding is fast, but it is secure? We tested current state of the art LLM models against a common security task, namely the MFA implemented in your applications.

Daily updated CVE summaries with CVSS and CWE tags. Latest update: 2025-12-03T14:15:48.680.

Introduction LLVM compiler infrastructure is powerful because of its modular design, flexibility, and rich intermediate representation (IR) that enables deep analysis and transformation of code. Unlike traditional compilers, LLVM separates...

CVE-2025-9152, CVE-2025-10611, and CVE-2025-9804 are critical authentication bypass and privilege escalation vulnerabilities I discovered in WSO2 API Manager and WSO2 Identity Server.

CVE-2025-2905 is a blind XXE vulnerability in WSO2 API Manager and other WSO2 products dependent on WSO2-Synapse.

We are releasing Brida 0.6 that supports Frida 17, which introduced some breaking change in its API.

Affected Versions Vendor Response The vendor has released an updated kernel on the 18th of September Credit The vulnerability was disclosed during our TyphoonPWN 2025 Linux category and won first place. Vulnerability Details The vulnerability is caused by…

Posted by Double-Structure4337 - 0 votes and 1 comment

Explore how Eye Security tackles the rising threat of Shadow AI by using prompt injection for good: enhancing data security, boosting AI awareness, and defending corporate intelligence across LLMs like ChatGPT, Claude, and DeepSeek.

Posted by yuznumara - 0 votes and 7 comments

Tata Motors gave away the keys to their infrastructure and customer data on their public websites.

Discover the security risks in vibe-coded applications as we uncover over 2,000 vulnerabilities, exposed secrets, and PII

Author(s): Vlad Pasca Warlock ransomware was deployed by exploiting the SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 The ma...

A Context Tainting Approach to Mitigate Python Deserialization Attacks

Diving into COM/DCOM and how to automate vulnerability research using a fuzzing approach.

EDR-Redir V2 uses bind link technique with Program Files folder. Create bind link for folder points to itself to break, bypass, block Antivirus, EDRs

Extension for Visual Studio Code - Security vulnerability scanner for dependencies. Checks CVEs from NVD/OSV databases and provides remediation steps. Supports npm, pip, Maven, Go, and more.