Tag: exploit
-
Google researchers uncover criminal zero-day exploit likely built with AI
Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/11/google-ai-vulnerability-exploitation/
-
Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Your work apps are quietly handing 19 data points to someone Office work in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/10/week-in-review-cpanel-vulnerability-actively-exploited-digicert-breach-linkedin-job-scams/
-
Hackers used AI to develop zero-day exploit for web admin tool
Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-hackers-used-ai-to-develop-zero-day-exploit-for-web-admin-tool/
-
cPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940
A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a highly sophisticated and elusive cybercriminal syndicate known as Mr_Rot13. The vulnerability carries a maximum severity CVSS score of 9.8, allowing unauthenticated remote attackers to completely bypass standard authentication protocols and gain full administrator privileges over…
-
Microsoft 365 Copilot Flaws Could Let Attackers Access Sensitive Data
Microsoft has disclosed a trio of critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. Released on May 7, 2026, these security flaws pose a substantial risk to enterprise data privacy and corporate confidentiality. If successfully exploited, malicious actors could bypass established security boundaries to access sensitive information processed, summarized,…
-
PoC Exploit Released for Android Zero-Click Flaw Enabling Remote Shell Access
Tags: access, android, cve, cyber, exploit, flaw, github, google, remote-code-execution, vulnerabilityPublic references indicate that a GitHub proof-of-concept is now circulating for CVE-2026-0073, the critical Android flaw documented in Google’s May 2026 security bulletin, raising the urgency for defenders with wireless ADB enabled on test or production devices. Google and multiple security reports describe the issue as a no-interaction remote code execution vulnerability in Android’s adbd…
-
Hackers Use AI for Exploit Development, Attack Automation
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/hackers-ai-exploit-dev-attack-automation
-
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
Tags: ai, attack, ceo, cyber, cybersecurity, exploit, framework, github, Hardware, identity, infrastructure, Internet, penetration-testing, RedTeam, risk, threat, tool, vulnerability, zero-dayIdentity, who the AI agent is.Scope, what it is authorized to do.Attestation, whether it or its instructions have been tampered with.Delegation, who delegated authority.Revocation, whether that authority has been revoked.”Every AI agent on the internet today is a stranger. You don’t know who it is, what it’s authorized to do, or whether it’s been tampered…
-
Your Purple Team Isn’t Purple, It’s Just Red and Blue in the Same Room
Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that’s longer than the exploitation window itself.Nobody in that…
-
New ‘Dirty Frag’ exploit targets Linux kernel for root access
Tags: access, attack, control, cve, exploit, linux, malicious, microsoft, mitigation, monitoring, switch, tool, vulnerabilityAttackers are already exploiting Dirty Frag: Microsoft warned that Dirty Frag is already being actively exploited in the wild, primarily as a post-compromise privilege escalation tool. The company said attackers are using the vulnerability after obtaining an initial foothold on vulnerable Linux systems, allowing them to elevate privileges from a low-level user account to full…
-
Ollama OutBounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory.The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1). It has been codenamed Bleeding Llama by Cyera.Ollama is a First seen…
-
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution
Tags: ai, attack, authentication, breach, cloud, control, credentials, data, data-breach, defense, exploit, framework, governance, identity, infrastructure, Internet, LLM, malicious, monitoring, network, risk, service, supply-chain, threat, tool, vulnerability, zero-trustThe epistemological chasm: What renders MCP vulnerabilities particularly vexatious is the fundamental asymmetry they exploit between machine cognition and human oversight.Tool poisoning attacks insert malevolent instructions into tool metadata that LLMs process with complete fidelity but that remain utterly invisible to human operators. The machine perceives everything; its ostensible supervisors perceive nothing. We have unwittingly…
-
AI-powered hacking has exploded into industrial-scale threat, Google says
Criminal groups and state-linked actors appear to be using commercial models to refine and scale up attacks<ul><li><a href=”https://viewer.gutools.co.uk/business/live/2026/may/11/uk-economy-job-losses-iran-war-oil-pound-bonds-politics-starmer-live-updates”>Business live latest updates</li></ul>In just three months, AI-powered hacking has gone from a nascent problem to an industrial-scale threat, according to a report from Google.The findings from Google’s threat intelligence group add to an intensifying, global discussion about…
-
Google spotted an AI-developed zero-day before attackers could use it
Researchers found artifacts in the code that proved AI was heavily involved. A prominent cybercrime group planned to exploit the zero-day en masse for financial gain. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-threat-intelligence-group-ai-developed-zero-day-exploit/
-
Per DHCP-Antwort zum Root: KI findet 21 Jahre alte Schadcode-Lücke in FreeBSD
Auf unzähligen FreeBSD-basierten Systemen lässt sich über einen bösartigen DHCP-Server im Netzwerk Schadcode einschleusen und als Root ausführen. First seen on golem.de Jump to article: www.golem.de/news/per-dhcp-antwort-zum-root-ki-findet-21-jahre-alte-schadcode-luecke-in-freebsd-2605-208535.html
-
PoC Exploit Released for Dirty Frag Linux Kernel Vulnerability
A proof-of-concept exploit for a new Linux kernel vulnerability class dubbed >>Dirty Frag<<. This universal local privilege escalation vulnerability allows attackers to obtain root access across most major Linux distributions reliably. Because a third party unexpectedly broke the responsible disclosure embargo, the exploit is now public without official patches or an assigned Common Vulnerabilities and…
-
NWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2
A new distribution method for the NWHStealer infostealer that leverages the Bun JavaScript runtime, marking a significant evolution in the malware’s delivery infrastructure. The threat actors behind this Rust-based stealer are exploiting Bun’s relative newness and high-performance capabilities to package malicious code into larger executables that evade traditional detection methods. Bun is a legitimate, fast…
-
13 new critical holes in JavaScript sandbox allow execution of arbitrary code
VM.run() can obtain host process object and runs host commands with zero co-operation from the host.However, researchers at Socket told us in an email that the advisory about this escape says it has been confirmed only on Node.js 25.6.1, and requires a Node.js version with WebAssembly exception handling and JSTag support.The highest-risk scenario, they said, would be an…
-
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/
-
Ivanti customers confront yet another actively exploited zero-day
Attackers are hitting a frequent target in the network edge space, intruding victim networks through a defect in a widely used mobile endpoint security product. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-epmm-zero-day-vulnerability-exploited/
-
Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks
Palo Alto says hackers exploited PAN-OS zero-day CVE-2026-0300 for weeks, gaining root access to exposed firewalls and hiding traces. Palo Alto Networks warned that suspected state-sponsored hackers have been exploiting the critical PAN-OS zero-day CVE-2026-0300 for nearly a month. After exploiting the flaw, attackers deployed tunneling tools such as EarthWorm and ReverseSocks5, used stolen credentials…
-
CrowdStrike Partners: AI Vulnerability Surge Means It’s Time To ‘Pick A Platform’ In Security
The combination of a fast-moving platform vendor like CrowdStrike and advanced security services will be critical for being able to protect customers in the coming era of AI-accelerated exploitation of vulnerabilities, according to executives from top CrowdStrike partners. First seen on crn.com Jump to article: www.crn.com/news/security/2026/crowdstrike-partners-ai-vulnerability-surge-means-it-s-time-to-pick-a-platform-in-security
-
U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-6973 (CVSS score of 7.1), to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti warns customers…
-
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild.The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1.It allows “a remotely authenticated user with administrative access to achieve remote code…
-
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Tags: cloud, container, credentials, cve, cybersecurity, data, data-breach, exploit, finance, framework, infrastructure, service, theft, wormCybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments.”The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting First seen on thehackernews.com Jump to article:…
-
Cryptohack Roundup: Bitcoin Core Reveals High-Severity Flaw
Also: TrustedVolumes, Wasabi Protocol and Ekubo Hacks. This week, Bitcoin Core revealed a memory safety flaw, hackers exploited TrustedVolumes, Wasabi Protocol and Ekubo, Bithumb suspension paused, sentencing in U.S. theft case, prosecutors seek 20-year sentence for Delio CEO and North Korea denied that it’s a thief. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-bitcoin-core-reveals-high-severity-flaw-a-31625
-
Palo Alto Networks warns state-linked cluster behind zero-day exploitation
A patch for the flaw, which hackers began targeting in early April, won’t be ready for another week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/palo-alto-networks-state-linked-zero-day/819588/
-
Cisco patches high-severity flaws enabling SSRF, code execution attacks
Cisco fixed several high”‘severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption. Cisco released patches for multiple high”‘severity vulnerabilities affecting its enterprise products. Successful exploitation could allow code execution, server”‘side request forgery (SSRF), or denial”‘of”‘service attacks. Two notable flaws, CVE”‘2026″‘20034 and CVE”‘2026″‘20035, impact Cisco…
-
CloudZ RAT Abuses Windows Phone Link to Steal OTPs
Cisco Talos discovered the CloudZ RAT exploiting Microsoft Phone Link to intercept SMS-based OTPs from Windows endpoints. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cloudz-rat-abuses-windows-phone-link-to-steal-otps/
-
Ivanti warns of new EPMM flaw exploited in zero-day attacks
Tags: attack, endpoint, exploit, flaw, ivanti, mobile, remote-code-execution, update, vulnerability, zero-dayIvanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks/