CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
InfoQ

Google ADK for Java 1.0 Introduces New App and Plugin Architecture, External Tools Support, and More

Google's Agent Development Kit for Java reached 1.0, introducing integrations with new external tools, a new app and plugin ...
SecurityWeek

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical Nginx UI vulnerability that allows attackers to take full control of servers has been exploited in the wild.
CoinDesk

The $292 million Kelp exploit: how it happened, and what it means for DeFi

DeFi's "worst year in terms of hacks," Ledger's CTO said, as the Kelp exploit shows how a single point of failure can cascade ...

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...
SecurityWeek

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

Organizations are warned that a recently patched vulnerability affecting Apache ActiveMQ Classic is being exploited in the ...
FedScoop

DOE launches AI testbed to evaluate models for energy operations

Lawrence Livermore National Lab and the Energy Department’s CESER office designed the platform to assess vulnerabilities and ...
Tech Times

Clym Accessibility Tools Review: A Free, Open-Source WCAG Scanner Built for 2026

We tested Clym's free, open-source accessibility testing suite. An honest review of what it covers, how it works, and whether ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...
CoinDesk

LayerZero blames Kelp's setup for $290 million exploit, attributes it to North Korea's Lazarus

LayerZero said the attackers compromised two RPC nodes the company's verifier relied on and DDoS'd the rest, with the attack ...