CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
CSO Online

Seven IBM WebSphere Liberty flaws can be chained into full takeover

A pre‑authentication bug in SAML Web SSO, combined with weak access controls and cryptography, allows attackers to escalate privileges and achieve remote code execution.
PCMag on MSN

I Asked AI to Create Passwords. Here's Why I'll Never Do That Again

They may look complex, but AI-generated passwords often follow predictable patterns that hackers can exploit. I'll show you ...
BeInCrypto

Bridged Polkadot Reportedly Hit by Exploit as Attacker Mints 1 Billion DOT Tokens

Attacker reportedly exploits a Hyperbridge gateway vulnerability to mint 1B bridged DOT on Ethereum, then dumps it for 108.2 ...
SecurityWeek

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical Nginx UI vulnerability that allows attackers to take full control of servers has been exploited in the wild.
Live Science on MSN

Hackers used Claude and ChatGPT to steal hundreds of millions of Mexican government records

A group of hackers used both Claude Code and ChatGPT in a cybersecurity hack that lasted two and a half months.

Claude Mythos Isn’t Just A PR Stunt, It’s The New Face Of Offensive AI

Claude Mythos represents a new generation of AI models that can conduct autonomous attacks more effectively than ever before.
Dark Reading

North Korea Uses ClickFix to Target macOS Users' Data

North Korea's Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials ...