SecurityWeek

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Drupal has patched CVE-2026-9082, a highly critical vulnerability that could allow threat actors to hack websites.

How Iran Gained Leverage in the War

Outmatched militarily, Iran used “triangular coercion” by attacking Gulf states and closing the Strait of Hormuz. It points ...
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today ...
Tech Times

Shannon Lite v1.2.0 on Claude Opus 4.7: Anthropic’s New Cyber Safeguards Require Pentesters to Enroll Before Scans

Shannon Lite, the autonomous white-box penetration testing tool built by San Francisco-based Keygraph, shipped version 1.2.0 ...
Security Boulevard

How a VMDR Tool Improves Vulnerability Management

Every day, new gaps show up in assets, apps, and cloud setups. Some stay hidden for weeks. Some get missed completely, and ...

For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft delivered fixes for issues affecting everything from Windows to Office, .NET, and SQL Server, and several patches ...

Ivanti EPM: Security flaws allow SQL injection, privilege escalation

Ivanti warns of three security vulnerabilities in Endpoint Manager (EPM). They allow SQL injection or privilege escalation.
theregister

Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs

Security vulnerabilities in MCP servers for three popular database projects could let attackers execute unintended SQL statements on Apache Doris, exfiltrate sensitive metadata from Alibaba RDS, and ...
Infosecurity Magazine

Avada Builder Flaws Expose One Million WordPress Sites

Two newly disclosed vulnerabilities in the Avada Builder WordPress plugin have placed around one million sites at risk of ...
SecurityWeek

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

SAP has released 15 new security notes, including two addressing critical code injection flaws in S/4HANA and Commerce.
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
Security Boulevard

Benchmarking AI Pentesting Tools: A Practical Comparison

Escape, Shannon, Strix, PentAGI, and Claude against a modern vulnerable application. Learn more about their detection rates, false positive rates, and scanning speed.