Search

bleepingcomputer.com › news › security

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

…1 , many sites failed to install the security update. SentinelOne published on February 27 details about CVE-2026-26980 being exploited in attacks and how incidents can be detected. The researchers observed…

May 24, 2026 · Bill Toulas

Top stories

hothardware.com

Millions of Chrome and Edge Users Exposed To Alarming Exploit by Google Security Blunder

6d ago

tomshardware.com

Researchers attack AMD's Infinity Fabric to bypass hardware security protections with 'Fabricked' — flaw lets malicious cloud hosts silently read confidential VM memory and forge attestation reports

1w ago

tomshardware.com

First Apple M5 memory exploit discovered using Anthropic AI, gives root access on MacOS — Claude Mythos helps security researchers bypass Memory Integrity Enforcement

1w ago

engadget.com

Security researchers, aided by Anthropic's Mythos, claim to have breached macOS - Engadget

1w ago

neowin.net › news

Microsoft, CISA warn on flaw affecting miilions of systems running major Linux distros

…About it, the Cybersecurity and Infrastructure Security Agency (CISA) writes : "This Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks…

May 4, 2026 · Sayan Sen

theregister.com › security › 2026 › …

Critical Microsoft Excel bug weaponizes Copilot Agent

Security Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack Could steal sensitive personal and financial data After a whopper of a Patch Tuesday last month , with six…

Mar 10, 2026 · Jessica Lyons

bleepingcomputer.com › news › security

73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation

…By 2025 , it was down to 23 days.  Recent CVE-to-exploit pairings from CISA KEV, VulnCheck KEV, and exploit databases now show a median delta of roughly 10 hours . Reversing a…

May 13, 2026

Discussions and forums

Hacker News · u/randersson1000 · Apr 22, 2026

Speed Matters: Why AI Software Vulnerability Exploitation is going be bad

I co-founded a successful security company close to the Mythos ecosystem and have spoken with participants in the know and I am deeply concerned. We, collectively, have answers for some but not all of the problems ahead …

13 5

r/netsec · u/unknownhad · 2w ago

The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.

The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …

Hacker News · u/introvertmac · Dec 3, 2025

Tell HN: Compliance is not equal to Security

For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this:Most startups call a security engineer or hire a security agency only when…

1 1

Hacker News · u/cayleyh · 1w ago

Ask HN: Are advances in AI going to push Linux to a micro-kernel?

This is something that has been bouncing around my head for the past couple weeks with the flood of security related news around Mythos and the number of 0days being found.Microkernels, unikernals, hardware-enforced capa…

4 9

Hacker News · u/honeylabs · 1w ago

Show HN: HoneyLabs – Public honeypot threat Intel feed and MCP server

I've been running a small fleet of honeypots for about a year. They get hit by a mix of research scanners (Censys, Shadowserver, etc.), old worms, and a bump of CVE probes the day a new Nuclei template ships. The data wa…

4 2

techcrunch.com › 2026 › 05 › …

Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites | TechCrunch

…Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that the vulnerability — tracked as CVE-2026-41940 — was being exploited in the wild, and added it to its Known Exploited Vulnerabilities (KEV…

May 4, 2026 · Lorenzo Franceschi-Bicchierai

pcworld.com › article › 3116311

Unpatched Microsoft Defender flaw lets hackers gain admin access

A security vulnerability was recently discovered in Microsoft Defender, the first-party Windows 11 antivirus tool used by millions. Attackers can exploit this vulnerability to gain elevated system privileges and cause significant…

Apr 16, 2026 · By Laura Pippig

techradar.com › pro › security

Another major Linux security flaw revealed — 'Dirty Frag' allows root on all major distros, with no patch or fix available yet

…Security researcher Hyunwoo Kim disclosed finding a nine-year-old flaw, and published a proof-of-concept (PoC) exploit. He named the vulnerability Dirty Frag, and explained that it works by chaining…

May 8, 2026 · Sead Fadilpašić

hothardware.com › news

Hot on the Heels of Copy Fail, New Linux Bugs Grant Root Privileges

…As we've seen with Windows, only one of the recent exploits courtesy of Nightmare-Eclipse have  been patched , but not before the security holes and exploits were publicly disclosed. Tags:   Linux…

May 23, 2026 · Chris Harper

bleepingcomputer.com › news › security

Critical vm2 sandbox bug lets attackers execute code on hosts

…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…

May 6, 2026 · Bill Toulas

blog.cloudflare.com

How Cloudflare responded to the “Copy Fail” Linux vulnerability

…Our security team worked with kernel engineers to determine which kernel versions were vulnerable and assess the potential exposure. Validating coverage: Security reviewed the exploit technique and confirmed that our existing behavioral…

May 7, 2026 · Chris J Arges