Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry’s collective “to-do list” has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to secure a modern
Analysis of 6 Billion Passwords Shows Stagnant User Behavior
The most common stolen passwords in 2025 were 123456, admin, and password, according to a Specops study.
The post Analysis of 6 Billion Passwords Shows Stagnant User Behavior appeared first on SecurityWeek.
Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization.
Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or
Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model.
That’s according to new findings from Check Point Research, which identified operational security blunders by malware’s author that provided clues to its developmental origins. The latest insight makes
That’s according to new findings from Check Point Research, which identified operational security blunders by malware’s author that provided clues to its developmental origins. The latest insight makes
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords.
The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The
The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript.
The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025.
Binary-parser is a
The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025.
Binary-parser is a
OpenAI’s ChatGPT Atlas browser is testing actions feature
Chromium-based ChatGPT Atlas browser is testing a new feature likely called “Actions,” and it can also understand videos, which is why you might see ChatGPT generating timestamps for videos. […]
Google says Gemini won’t have ads, as ChatGPT prepares to add them
OpenAI recently rolled out ads to ChatGPT in the United States if you use $8 Go subscription or a free account, but Google says it does not plan to put ads in Gemini. […]
OpenAI rolls out age prediction model on ChatGPT to detect your age
OpenAI is rolling out an age prediction model on ChatGPT to detect your age and apply possible safety-related restrictions to prevent misuse by teens. […]
ACF plugin bug gives hackers admin on 50,000 WordPress sites
A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions. […]