Eight-Year-Old Samsung KNOX Flaw Exposed Hundreds of Millions of Galaxy Devices to Kernel Attacks
A critical use-after-free vulnerability in Samsung's KNOX PROCA subsystem — undetected for 8 years — could allow kernel-level compromise on Galaxy S9 through S25 devices. Patch is available...
DifyTap: Critical Flaws in AI Platform Dify Allow Silent Wiretapping of AI Conversations Across 1M+ Apps
Researchers at Zafran disclosed four vulnerabilities in Dify — including two critical CVSS 9+ flaws — that let attackers silently intercept AI conversations across tenants, access private files,...
Squidbleed: 29-Year-Old Squid Proxy Vulnerability Leaks Passwords and API Keys from Other Users
A critical heap overread vulnerability in Squid Proxy, dubbed Squidbleed, has gone undetected since 1997. Discovered with the help of AI, the flaw allows an attacker controlling an...
SiderAI and MaxAI Chrome Extensions Expose 10 Million Users to Full Browser Compromise
Critical vulnerabilities dubbed Spyder and MaXSS have been discovered in the SiderAI and MaxAI Chrome extensions, which together are installed on over 10 million devices. The flaws allow...
CVSS 9.1: Critical Cisco ISE Vulnerabilities Enable Remote Code Execution and Unauthenticated Data Theft
Cisco has disclosed two critical vulnerabilities in its Identity Services Engine (ISE) — CVE-2026-20181 (RCE, CVSS 9.1) and CVE-2026-20190 (unauthenticated information disclosure) — affecting all ISE and ISE-PIC...
CVE-2026-50656: Microsoft Confirms Defender ‘RoguePlanet’ Zero-Day — No Patch Available Yet
Microsoft has confirmed CVE-2026-50656, a zero-day TOCTOU race condition in Microsoft Defender dubbed 'RoguePlanet,' that allows low-privilege attackers to escalate to SYSTEM on fully patched Windows 10 and...
usbliter8: New iPhone BootROM Vulnerability Exposes A12/A13 Apple SoCs to Full Chain-of-Trust Compromise
Security researchers have disclosed 'usbliter8,' a critical hardware-level BootROM vulnerability affecting Apple devices with A12, S4/S5, and A13 SoCs. The flaw allows attackers to bypass Apple's entire Secure...
FortiBleed: Over 73,000 Fortinet Firewalls Compromised Across 194 Countries in Massive Credential Attack
A devastating cyber espionage campaign dubbed 'FortiBleed' has silently compromised over 73,932 unique Fortinet firewall URLs spanning 194 countries. Discovered by security researcher Volodymyr Diachenko and analyzed by...