SecurityWeek

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate

Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx.

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Bleeping Computer

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...

CISA gives feds 4 days to patch actively exploited cPanel plugin flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their ...
Dark Reading

Microsoft Issues Out-of-Band SharePoint Patch

SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well.