2 New Microsoft Defender Zero-Days Exploited—Patch Now Rolling Out

Microsoft has confirmed an emergency security update as CISA warns that two new Defender zero-days are being exploited by ...

151 Chrome Security Flaws, 22 Critical, Fixed In New Google Update

Google has released a Chrome update patching a large number of new security flaws: 151 in total, 22 of them rated as critical severity.
CSO Online

Why some security fixes never reach your vulnerability dashboard

CVE was built to track code flaws with fixes. It’s now being stretched to cover malware and supply chain incidents that don’t ...
Infosecurity-magazine.com

Navigating the Vulnerability Maze: Understanding CVE, CWE, and CVSS

The Forum of Incident Response and Security Teams (FIRST) officially launched the fourth version of the Common Vulnerability Scoring System (CVSS 4.0), in November 2023. CVSS 4.0, the industry ...
SecurityWeek

Anthropic Silently Patches Claude Code Sandbox Bypass

Anthropic has silently patched a vulnerability that would have allowed an attacker to bypass the Claude Code network sandbox.
InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
Bleeping Computer

CISA orders fed agencies to patch new Exchange flaw by Monday

CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday ...
Ars Technica

Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters

Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a “huge blindspot” that’s ...