Microsoft warns of new Defender zero-days exploited in attacks
… For example, type "Security" in the Search bar, then select the Windows Security program. …
Search
All sources
bleepingcomputer.com
35
theregister.com
17
pcworld.com
7
theverge.com
7
tomshardware.com
6
androidauthority.com
5
hothardware.com
5
appleinsider.com
4
extremetech.com
4
9to5mac.com
4
tweaktown.com
4
neowin.net
4
Videos
More videos
This Linux Bug Gives Attackers Root
The First Exploit - Pwn2Own Documentary (Part 2)
Dirty Frag Won't Be The Last Exploit
Sorry Windows 10 Users...
Firefox JIT Bug - Pwn2Own Documentary (Part 3)
An initiative to secure the world's software | Project Glasswing
Microsoft Windows Agentic AI Malware
AI Is Hacking Everything Now...
Intel again making chips for Apple? Googlebook + [UNNAMED] OS - Talking Heads Ep.432
A Vulnerability to Hack The World - CVE-2023-4863
MechaCon: PS2s Unbreakable Gatekeeper ...Until it wasn't
Everyone's getting hacked
Top stories
Millions of Chrome and Edge Users Exposed To Alarming Exploit by Google Security Blunder
6d agoResearchers attack AMD's Infinity Fabric to bypass hardware security protections with 'Fabricked' — flaw lets malicious cloud hosts silently read confidential VM memory and forge attestation reports
1w agoFirst Apple M5 memory exploit discovered using Anthropic AI, gives root access on MacOS — Claude Mythos helps security researchers bypass Memory Integrity Enforcement
1w agoSecurity researchers, aided by Anthropic's Mythos, claim to have breached macOS - Engadget
1w agoCISA orders feds to patch actively exploited Drupal vulnerability
… Cybersecurity and Infrastructure Security Agency CISA added the flaw to its Known Exploited Vulnerabilities KEV Catalog and ordered Federal Civilian Executive Branch FCEB agencies to patch their systems by midnight on Wednesday, May 27, as mandated by Binding Operational Directive BOD 22-01 . …
Unknown attackers exploit another critical SharePoint bug
… In October, we learned that other Beijing crews – including Salt Typhoon – also joined in the attacks. ® security microsoft cybersecurity and infrastructure security agency cybercrime cyber-crime
Max severity Cisco Secure Workload flaw gives Site Admin privileges
… Cybersecurity and Infrastructure Security Agency CISA added the CVE-2026-20182 flaw to its Known Exploited Vulnerabilities Catalog on May 14 and ordered federal agencies to secure affected devices within three days, by May 17. …
Discussions and forums
A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it
A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it
Speed Matters: Why AI Software Vulnerability Exploitation is going be bad
I co-founded a successful security company close to the Mythos ecosystem and have spoken with participants in the know and I am deeply concerned. We, collectively, have answers for some but not all of the problems ahead …
13
5
The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.
The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …
Tell HN: Compliance is not equal to Security
For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this:Most startups call a security engineer or hire a security agency only when…
1
1
Ask HN: Are advances in AI going to push Linux to a micro-kernel?
This is something that has been bouncing around my head for the past couple weeks with the flood of security related news around Mythos and the number of 0days being found.Microkernels, unikernals, hardware-enforced capa…
4
9
Drupal critical update to fix bug with high exploitation risk
Drupal critical update to fix bug with high exploitation risk By Bill Toulas May 20, 2026 08:52 AM Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. …
Google: Spyware vendors, China-linked spies led 0-day abuse
… MORE CONTEXT Enterprise tech dominates zero-day exploits with no signs of slowdown The spyware business is booming despite government crackdowns Ex-L3Harris exec jailed 7 years for selling exploits to Russia Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover Google Threat Intelligence Gr… …
Palo Alto Networks firewall zero-day exploited for nearly a month
… Cybersecurity and Infrastructure Security Agency CISA also added the CVE-2026-0300 zero-day to its Known Exploited Vulnerabilities KEV Catalog and ordered Federal Civilian Executive Branch FCEB agencies to secure vulnerable firewalls by Saturday midnight, May 9. …
Exploit available for new DirtyDecrypt Linux root escalation flaw
… The Cybersecurity and Infrastructure Security Agency CISA added Copy Fail to its list of flaws exploited in attacks on May 1 and ordered federal agencies to secure their Linux devices within two weeks, by May 15. …
Exploit released for new PinTheft Arch Linux root escalation flaw
… Over the weekend, security researchers released PoC exploits targeting another recently patched Linux LPE tracked as DirtyDecrypt and DirtyCBC , which belongs to the same vulnerability class as several other root-escalation flaws, including Dirty Frag , Fragnesia , and Copy Fail . …
Qualcomm responds to GBL exploit used on latest Snapdragon flagships
… While Qualcomm recommends immediately updating phones as soon as security updates are available, these security patches will effectively close the loophole used for bootloader unlocking. …