New China-linked hackers breach telcos using edge device exploits

A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its ...

ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

There’s a well-worn pattern in the development of AI chatbots. Researchers discover a vulnerability and exploit it to do ...

900,000 Users Hit as Malicious Chrome Extensions Steal ChatGPT, DeepSeek Chats

OX Security reveals how malicious Chrome extensions exposed AI chats from ChatGPT and DeepSeek, silently siphoning sensitive ...
Dark Reading

React2Shell Exploits Flood the Internet as Attacks Continue

A torrent of proof-of-concept (PoC) exploits for React2Shell has hit the internet following the vulnerability's disclosure last week, and while security researchers say most are fake, ineffective and ...
TechCrunch

Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker

Peter Williams, the former general manager at defense contractor L3Harris, has pleaded guilty to selling surveillance technology to a Russian broker that buys “cyber tools,” the U.S. Department of ...
ZDNet

This new Android exploit can steal everything on your screen - even 2FA codes

Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...
CoinTelegraph

Apple patches zero-click exploit threatening crypto users

Apple patched a zero-click vulnerability that allowed sophisticated attackers to compromise devices and could have led to cryptocurrency theft; it urged immediate updates. Apple is urging users to ...
Computer Weekly

Commvault users told to patch two RCE exploit chains

Data backup and replication specialist Commvault has issued patches covering off four vulnerabilities in its core software product that, left unaddressed, could be combined to achieve two distinct ...
Forbes

WhatsApp Security — New $1 Million 0-Click Messaging Exploit

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Twice every year, some of the best hackers on the planet get ...
CSOonline

Exploit details released for Citrix Bleed 2 flaw affecting NetScaler

Amid confusing reports about Citrix NetScaler exploits in the wild, researchers offer technical analyses and indicators of compromise for one of the vulnerabilities dubbed Citrix Bleed 2 that can lead ...
Dark Reading

Researchers Detail Zero-Click Copilot Exploit 'EchoLeak'

A critical vulnerability could have enabled attackers to unleash prompt injection attacks against Copilot users, though Microsoft ultimately addressed the issue before it went public. Aim Security, a ...
Forbes

VMware Hacked As $150,000 Zero-Day Exploit Dropped

Pwn2Own hackers use $150,000 exploit on VMware ESXi. The elite hackers attending Pwn2Own in Berlin have made hacking history by successfully deploying a zero-day exploit against VMware ESXi. Having ...