A critical flaw in Python tool Marimo was exploited within 10 hours of disclosure, researchers report, highlighting how quickly attackers are now turning vulnerability advisories into real-world ...

A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public disclosure.

Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the vendor said.

A researcher released a working ‘BlueHammer’ Windows zero-day exploit that could impact over 1 billion devices, granting ...

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability within 20 hours, working only from the advisory description. The bug, CVE-2026 ...

The big picture: A cybercriminal is reportedly selling a Windows zero-day exploit on the dark web for $220,000. The vulnerability, which targets Windows Remote Desktop Services, could allow an ...

Forbes contributors publish independent expert analyses and insights. Dara-Abasi Ita covers AI in boring asset classes. As AI-driven tools compress the "Time to Exploit" (TTE) from weeks to mere days, ...

A new report out today from Google LLC’s Threat Intelligence Group finds that zero-day vulnerability exploitation remained elevated in 2025 as attackers increasingly targeted enterprise infrastructure ...

What we know so far: A powerful iOS exploit framework that once appeared to sit in the orbit of government surveillance work is now being reused in criminal schemes to drain cryptocurrency wallets and ...