CrowdStrike and Google take down botnet used by hackers to target open source software developers

Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
Dark Reading

AI-Assisted Exploit Development Outpaces Scanner Detection

Attackers have reduced the time to develop an exploit for a known vulnerability from 125 days to a mere half a day, thanks to the use of AI-assisted development, leaving vulnerability scanners ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
CSO Online

Google leaks details for Chromium bug that can turn browsers into bots

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...
CoinTelegraph

Drift Protocol says deposits and withdrawals suspended amid active attack

A threat researcher estimates the exploit could reach $200 million and may be linked to a compromised private key. Drift Protocol, a decentralized cryptocurrency exchange (DEX), detected unusual ...
Engadget

Security researchers, aided by Anthropic's Mythos, claim to have breached macOS

Apple's operating systems are known for their security, especially compared to their rivals in mobile and computing. Now, security researchers from a Palo Alto-based company called Calif claim they ...
CoinDesk

Thorchain halts trading after $10 million cross-chain exploit, RUNE token drops 12%

Decentralized cross-chain liquidity protocol THORChain was exploited for roughly $10.8 million on Friday, with the attack affecting deployments across four different blockchains. In response, the ...
9to5Mac

Calif team details how Anthropic Mythos helped build a working macOS exploit in five days

The team behind the first public macOS kernel memory corruption exploit on M5 silicon has shared fresh details on how Mythos Preview helped bypass a five-year Apple security effort in five days. Last ...
Wall Street Journal

Apple’s Security Has Been Tough to Crack. Mythos Helped Find a Way In.

Security researchers say they have discovered a new way of circumventing Apple’sAAPL1.97%increase; green up pointing triangle state-of-the art security technology, using techniques they discovered ...
Bleeping Computer

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused analytics ...
TechSpot

A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it

The Epitome of WTF: A researcher known as "Nightmare-Eclipse" recently released YellowKey, a security vulnerability that allegedly enables a full bypass of BitLocker's full-volume encryption. The ...