Critical jsPDF flaw lets hackers steal secrets via generated PDFs

The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that ...
Nature

How viral RNAs escape a host mechanism that controls translation

This is a summary of: Liu. H. et al. Viral RNA blocks circularization to evade host codon usage control. Nature https://doi.org/10.1038/s41586-025-09809-y (2025).

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could ...
InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...
The Hacker News

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

A critical CVSS 9.2 flaw in AdonisJS bodyparser lets attackers write arbitrary files via path traversal when uploads are ...

VSCode IDE forks expose users to "recommended extension" attacks

Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, ...
Security Boulevard

Top CVEs of December 2025

December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...