#vulnerability
4 articles exploring vulnerability. Expert insights and analysis from our editorial team.
Articles
Next.js CVE-2026-44578: WebSocket Upgrade SSRF Hits 79,000 Self-Hosted Instances From 13.4.13 Onward
Next.js 15.5.16 and 16.2.5 patch an unauthenticated WebSocket upgrade SSRF. A single absolute-form URL request proxies internal traffic, exposing 79,000 self-hosted instances.
March-April MCP CVEs Expose the Local-Host Trust Model in AI Agent Frameworks
Three CVEs scoring up to 9.8 reveal a structural flaw: MCP's local-host trust model lacks authentication primitives for networked multi-tenant deployments.
How Researchers Hacked McKinsey's AI Platform—and What It Reveals
Security researchers at CodeWall used an autonomous AI agent to breach McKinsey's Lilli platform in approximately two hours, exposing 46.5 million messages through SQL injection—a decades-old technique that enterprise AI teams consistently fail to prevent.
Zero-Day CSS: When Your Stylesheet Becomes a Security Vulnerability
CVE-2026-2441 is a critical zero-day CSS vulnerability in Chromium-based browsers allowing remote code execution through crafted HTML pages. Here's how attackers weaponize CSS parsing flaws and what developers must do to protect users.