A vulnerability has been discovered in early builds of OpenVPN, allowing attackers to execute arbitrary commands on a user’s machine. The flaw affects versions from 2.7_alpha1 through 2.7_beta1 and poses a serious threat to...
A newly discovered vulnerability in ChatGPT Atlas, the experimental browser developed by OpenAI, allows attackers to silently inject malicious commands into the AI’s persistent memory, enabling the execution of arbitrary code on behalf of...
Cyberthreat analysts are reporting active exploitation of a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287. Merely days after Microsoft released an emergency patch and CISA added the flaw to its...
In March 2025, Kaspersky Lab recorded a surge of infections triggered when users followed personalized phishing links sent via email. No additional interaction was required to activate the attack—merely opening the malicious site in...
Government-backed hackers infiltrated a U.S. nuclear weapons component manufacturer by exploiting vulnerabilities in Microsoft SharePoint. The incident affected the Kansas City National Security Campus (KCNSC), part of the National Nuclear Security Administration (NNSA) under...
In mid-summer 2025, the ToolShell vulnerability (CVE-2025-53770) became the catalyst for a major wave of compromises. Attackers exploited the flaw on SharePoint servers shortly after Microsoft released its patch, gaining unauthenticated access to files...
A widespread exploitation campaign has descended upon WordPress sites: attackers are targeting installations that use the GutenKit and Hunk Companion plugins, which harbor critical flaws permitting arbitrary code execution on vulnerable servers. Wordfence, a...
Researchers at SquareX have published a comprehensive report on a newly discovered vulnerability known as AI Sidebar Spoofing—a novel class of attacks that leverages malicious browser extensions disguised as AI sidebar interfaces. This technique...
Hackers have begun actively exploiting a newly disclosed vulnerability in the Windows Server Update Services (WSUS) component. The flaw, tracked as CVE-2025-59287, already has a publicly available proof-of-concept (PoC) exploit, dramatically increasing the likelihood...
Researchers from Team Z3 have withdrawn their planned demonstration of a WhatsApp vulnerability at the Pwn2Own Ireland 2025 hacking competition — an exploit that could have earned them a record $1 million prize. According...
On the second day of Pwn2Own Ireland 2025, participants delivered an impressive display of skill, uncovering 56 new zero-day vulnerabilities and earning a combined total of $792,750 in rewards. This marks the second phase...
The developers of BIND, the world’s most widely used domain name resolution software, have issued a warning about two critical vulnerabilities that allow attackers to tamper with DNS query results and redirect users to...
