Project Zero’s Pixel 10 Zero-Click Exploit Explained
Google Project Zero chained a Dolby audio flaw and a VPU kernel driver bug to root the Pixel 10 silently. Here's how it ...
Pwn2Own Berlin 2026: AI Coding Tools Were Hacked
Pwn2Own Berlin 2026 exploited Claude Code, Cursor, OpenAI Codex, and LiteLLM. Here's what fell, what ...
MCP Has 1,800 Unauthenticated Servers in Production. Here’s Your Exposure.
MCP's explosive growth has a security gap: 1,800 public servers with no auth, 200,000 exposed ...
Pipelock: The AI Agent Firewall Developers Need in 2026
Pipelock is a free, open-source AI agent firewall that blocks SSRF, prompt injection, and credential ...
CVE-2026-23918: Apache HTTP/2 Double-Free RCE Explained
Apache 2.4.66 has a no-auth double-free in mod_http2 enabling DoS and RCE. CVE-2026-23918 affects Docker ...
iOS 26.5 RCS Encryption: How MLS Works and What Developers Need to Know
Apple and Google shipped cross-platform RCS end-to-end encryption in iOS 26.5. Here is the MLS protocol, UP 3.0 standard, carrier caveats, and what ...
Fragnesia CVE-2026-46300: The Dirty Frag Patch Backfired
The Dirty Frag kernel patch activated Fragnesia — a new Linux root exploit. CVE-2026-46300 affects ...
nginx Rift: 18-Year-Old Bug Enables No-Auth RCE Now
CVE-2026-42945 gives attackers unauthenticated RCE on nginx with one HTTP request. A PoC is already ...
Mini Shai-Hulud: TanStack npm Supply Chain Worm Explained
TeamPCP’s Mini Shai-Hulud worm hit 170+ npm packages in 6 minutes on May 11. Here’s ...
Bleeding Llama: Ollama CVE Exposes 300K AI Servers
CVE-2026-7482 lets unauthenticated attackers steal API keys and system prompts from Ollama servers in 3 ...