The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Global GPT ‘Cheat Code’ Exploit Compromises 90% of Online Compliance Training Programs, New Analysis Finds

Exploit allows training completion to be recorded without course interaction, impacting OSHA, medical, legal, and other ...

$200K gone in seconds: How a Morse code message manipulated Grok into a $200,000 crypto transfer—what this shocking incident means for AI security

The incident underscores rising risks at the intersection of artificial intelligence and automated financial systems, ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
The Hacker News

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

CVE-2026-0300 exploited after April 9 attempts enables PAN-OS RCE, leading to stealth espionage and lateral movement by April ...
Bleeping Computer

Trellix source code breach claimed by RansomHouse hackers

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. Yesterday, the ...
The Hacker News

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.

Claude Opus wrote a Chrome exploit for $2,283

In a blog post on Wednesday, Mohan Pedhapati (s1r1us), CTO of Hacktron, described how he used Opus 4.6 to create a full ...
Dark Reading

Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug

With a hunch, and an hour of AI-assisted scanning, cybersecurity researchers identified and then figured out how to exploit a ...
BeInCrypto

Another DeFi Exploit Drains 150,000 SUI From Scallop’s Deprecated Contract

Scallop lost 150K SUI in a Sui DeFi exploit targeting a deprecated rewards contract. The team will cover the full loss.
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...