Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.
CoinTelegraph

THORChain confirms $10M exploit, rolls out recovery portal for affected users

THORChain has launched a recovery portal following a $10 million exploit, allowing affected users across four chains to revoke malicious approvals and claim refunds. THORChain has confirmed a $10 ...
PC World

Unpatched Microsoft Defender flaw lets hackers gain admin access

PCWorld reports on the ‘RedSun’ vulnerability in Microsoft Defender affecting Windows 10, 11, and Server systems that allows attackers to gain administrative privileges. Security researcher Chaotic ...
MacRumors

Here's How Researchers Stole $10,000 From MKBHD's Locked iPhone

An iPhone exploit that involves a linked Visa card can allow attackers to steal money from a locked device using NFC, but the process is complex, requiring physical access and specialized hardware.
Wall Street Journal

AI Is Finding Bugs That Hackers Can Exploit. Get Ready for Bugmageddon.

The software bug was capable of crashing an operating system used by firewalls, servers and network appliances. It went undetected for over 27 years. Last month, it was caught by Mythos, the latest AI ...
TechRepublic

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available. Attackers have been exploiting a ...
Dark Reading

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on ...
Forbes

Angry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users Warned

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
GitHub

Check, exploit, generate class, obfuscate, TLS, ACME about log4j2 vulnerability in one Go program.

Log4Shell.exe -host "example.com" -tls-server -tls-cert "cert.pem" -tls-key "key.pem" Log4Shell.exe -host "1.1.1.1" -tls-server -tls-cert "cert.pem" -tls-key "key.pem ...
CoinDesk

Drift says $270 million exploit was a six-month North Korean intelligence operation

A six-month intelligence operation preceded the $270 million exploit of Drift Protocol and was carried out by a North Korean state-affiliated group, according to a detailed incident update published ...
The Bakersfield Californian

Azul Shows That Mean Time to Exploit Java Vulnerabilities Drops to Five Days

Azul, the trusted leader in enterprise Java for today’s AI and cloud-first world, today highlighted growing security risks for enterprises relying on free, unsupported Java runtimes. Azul demonstrated ...
Morningstar

Azul Shows That Mean Time to Exploit Java Vulnerabilities Drops to Five Days

Azul webinar series examines the hidden security, compliance and productivity costs of free Java runtimes Azul, the trusted leader in enterprise Java for today’s AI and cloud-first world, today ...