Researchers said the information disclosure zero-day exposes sensitive information that attackers can use to undermine defenses and make other exploits more reliable.

The company says it has no evidence the bug was exploited before October’s patch, but researchers say AI agent configuration can still enable prompt-injection style abuse.

Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat-and-mouse patch fight, and a debate…

Roughly 100,000 servers running the automated workflow platform for AI and other enterprise tools are potentially exposed to exploitation.

The vulnerability could let operator-level users run commands as database administrator.

The high-severity vulnerability is under active exploitation and affects many versions of MongoDB, a nearly ubiquitous open-source database.

Researchers said attackers linked to Russia’s military intelligence agency have moved from vulnerability exploits to focus on poorly configured network edge devices to keep its access to…

The Ivy League school said it was one of almost 100 organizations hit by the simultaneous attacks in August.

The company’s latest security update contains the second-highest number of defects patched so far this year.

The security vendor silently patched a vulnerability, but did not assign the flaw a CVE or publicly disclose its existence until 17 days later. By then, widespread…