Sim Studio AI – MongoDB SSRF and Arbitrary Document Deletion
Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion The MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or...
Gradio – Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
Gradio - Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret Gradio applications running outside of Hugging Face Spaces automatically enable "mocked"...
Lovora – 495,556 breached accounts
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included...
Quitbro – 22,874 breached accounts
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’...
KomikoAI – 1,060,191 breached accounts
In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts...
Ongoing Iran Conflict: What You Need to Know
Recorded Future's Insikt Group® is actively monitoring the rapidly evolving situation following coordinated US-Israeli strikes against Iran and the death of Supreme Leader...
CVE-2026-28417 Vim has OS Command Injection in netrw
Information published. - Read more
OpenClaw 0-Click Vulnerability Allows Malicious Websites to Hijack Developer AI Agents
A critical zero-interaction vulnerability in OpenClaw, one of the fastest-growing open-source AI agent frameworks in history, has been discovered by Oasis Security researchers, allowing...
CVE-2025-71147 KEYS: trusted: Fix a memory leak in tpm2_load_cmd
Information published. - Read more
Latest article
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface...
Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack...
Readers reply: Experts say we should use passkeys, but can a smartphone pin really...
The long-running series in which readers answer other readers’ questions on subjects ranging from trivial flights of fancy to profound scientific and philosophical conceptsThis...
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
Information published. - Read more
Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules
New Tracing OptionsAs hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on...
