Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of reporting to the affected vendor.

The findings are part of a growing list of instances where “agentic” AI software has taken actions that are more akin to a malicious hacker than a…

The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.

Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol.

The vendor disclosed the critical zero-day in NetScaler ADC and NetScaler Gateway nine days after it warned of a pair of defects in the same products.

UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.

The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.

Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.

The most consequential cyberattacks observed by Darktrace last year were linked to software defects in firewalls and perimeter network technologies.

The November security bulletin includes two CVE's reportedly exploited in the wild.