A critical vulnerability in the WPvivid Backup & Migration WordPress plugin allows unauthenticated attackers to upload and execute arbitrary PHP files on exposed websites. Tracked as CVE-2026-1357, ...

Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days. A Chinese threat actor built an exploit for three VMware ESXi vulnerabilities that were patched ...

An OS command injection vulnerability in discontinued D-Link gateway devices has been exploited in the wild as a zero-day. Tracked as CVE-2026-0625 (CVSS score of 9.3), the security defect exists ...

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Admit it: the first thing you think of when ransomware is ...

A flaw in Bunni’s custom liquidity logic allowed an attacker to drain about $2.4 million in stablecoins, prompting the platform to pause all contracts. Decentralized exchange Bunni fell victim to an ...

Meta lost a major privacy trial on Friday, with a jury in San Francisco ruling that the Menlo Park giant had eavesdropped on the users of the popular period-tracking app Flo. The plaintiff’s lawyers ...

QR codes were once a quirky novelty that prompted a fun scan with the phone. Early on, you might have seen a QR code on a museum exhibit and scanned it to learn more about the eating habits of the ...

Patch Tuesday: Microsoft Addresses 137 Vulnerabilities, Including High-Severity SQL Server RCE Your email has been sent Two SQL Server vulnerabilities raise concerns for data exposure and remote code ...

After deadly flash flooding tore through the Texas Hill Country over Fourth of July weekend, federal authorities are on high alert for "fraudsters seeking to profit off the catastrophic and deadly ...