CoinTelegraph

Liquid restaking protocol Bedrock suffers $2M exploit

Bedrock said the root cause of the exploit has been “handled” and reassured users that all remaining assets were safe. Multi-asset liquid staking protocol Bedrock confirmed it fell victim to a ...
The Atlantic

Security Exploit Snapchat Was Warned About Has Compromised 4.6 Million Users' Information

Snapchat, the temporary photo-sharing app that Reuters called one of 2013's "top smartphone apps," has been hacked, with 4.6 million usernames and associated phone numbers compiled into a database ...

Google Issues Emergency Chrome Update — 0Day Exploit Confirmed

Don’t delay, ensure Chrome is updated now as Google confirms an emergency security alert. CVE-2026-2441 exploited in the wild ...
Bleeping Computer

Fake LDAPNightmware exploit on GitHub spreads infostealer malware

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The ...
Security Boulevard

Purpose-built AI Security Agent Detected 92% of DeFi Contracts Vulnerabilities

Baseline coding agents didn’t fare too well against purpose-built AI security agents in detecting flaws in DeFi contracts underscoring that organizations must not rely on audits and must press AI into ...
Bleeping Computer

Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland

On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes. Viettel Cyber Security took an early ...
Fox News

New Android attack tricks you into giving dangerous permissions

A team of academic researchers has uncovered a new Android security exploit that raises a lot of questions about the platform’s permission system. The technique, named TapTrap, uses user interface ...
VentureBeat

Infostealers added Clawdbot to their target lists before most security teams knew it was running

Clawdbot's MCP implementation has no mandatory authentication, allows prompt injection, and grants shell access by design. Monday's VentureBeat article documented these architectural flaws. By ...
HHS

Exploit Attempts Surge for React2Shell

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. See Also: ...
TweakTown

WinRAR 'high-risk' exploit discovered, make sure you update to the latest release

TL;DR: WinRAR has a critical security vulnerability (CVE-2025-6218) allowing remote code execution via directory traversal in Windows versions. This exploit risks sensitive data and system integrity.
Dark Reading

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

Attackers are already actively exploiting two vulnerabilities for which Microsoft issued patches on Nov. 12 as part of its monthly security update. And they could soon begin targeting two other ...
Cult of Mac

Security Expert Hacks a Mac in Seconds

Charlie Miller, principal security analyst at Independent Security Evaluators, used a security exploit in Safari 4 to hack into a MacBook in about 10 seconds Wednesday, winning the Pwn2own contest at ...