This article explores vulnerabilities in various Object Relational Mappers (ORMs), focusing on how improper filtering can expose sensitive data. It highlights specific cases in Beego and Prisma ORMs and discusses exploitation methods, including time-based attacks. The authors also provide tools for detecting these vulnerabilities.

The article reports on 884 new Known Exploited Vulnerabilities (KEVs) identified in 2025, highlighting that nearly 29% were exploited on or before their CVE publication date. It emphasizes the rapid pace of exploitation and the need for organizations to prioritize timely remediation of both new and existing vulnerabilities.

Researchers assessed AI models' abilities to exploit smart contracts, revealing significant potential financial harm. They developed a benchmark, SCONE-bench, that demonstrates AI's capacity to discover vulnerabilities and generate exploits, emphasizing the need for proactive defenses.

The article details eight vulnerabilities in Claude Code that allow arbitrary command execution without user approval. It explains how flaws in the permission model and regex blocklists can be exploited through various commands like `man`, `sort`, and `git`. Each method demonstrates a different oversight in command argument filtering.

Security researchers found serious vulnerabilities in Ollama and NVIDIA Triton Inference Server that could allow remote code execution. Although these flaws have been patched, they highlight growing security concerns around AI infrastructure and the shift in focus from model exploitation to infrastructure vulnerabilities.

The article discusses the vulnerabilities identified in Q1 2025, highlighting a list of known exploited Common Vulnerabilities and Exposures (CVEs). It emphasizes the importance of timely updates and patches to mitigate risks associated with these vulnerabilities, as well as the significance of awareness in cybersecurity practices.

Pynt's research on 281 MCP configurations reveals that over 70% of MCP plugins expose vulnerabilities that can be exploited through untrusted inputs and privileged actions. The study highlights how the combination of multiple MCPs can create significant risks, leading to silent attacks that bypass traditional security measures, emphasizing the need for a new security model that accounts for the unique threats posed by MCPs.

Two new zero-day vulnerabilities in Windows have been discovered and are currently being exploited by cybercriminals. The flaws could allow attackers to execute arbitrary code and gain elevated privileges on affected systems, prompting urgent calls for users to update their software and security measures.

SonicWall has alerted customers that two vulnerabilities in its Secure Mobile Access (SMA) appliances are being actively exploited. The vulnerabilities, CVE-2023-44221 and CVE-2024-38475, allow for command injection and unauthorized code execution, respectively, and affect several SMA device models. Users are urged to update to the latest firmware to mitigate risks and review their systems for unauthorized access.

The article discusses vulnerabilities in the open game panel, specifically focusing on remote code execution (RCE) risks. It highlights the potential for exploitation and provides insights into mitigating these security threats in gaming environments.

The article discusses the security vulnerabilities associated with misconfigured Redis instances, highlighting how attackers can exploit these weaknesses to gain unauthorized access to sensitive data. It emphasizes the importance of proper configuration and security measures to protect Redis installations from potential threats.