CoinDesk

The $293 million KelpDAO hack shows why DeFi is finally being forced to grow up

For protocol founders and security researchers, the incident reinforced a broader shift underway across crypto: DeFi is no longer primarily battling coding bugs. It’s battling complexity.
SecurityWeek

Researcher Drops YellowKey, GreenPlasma Windows Zero-Days

A disgruntled security researcher this week publicly disclosed two zero-day vulnerabilities in Windows that enable BitLocker ...

Microsoft Windows Alert—Angry Hacker Drops 2 New Zero-Day Exploits

The latest Microsoft Patch Tuesday rollout featured no zero-days. However, an angry hacker has just dropped two new 0-day ...

Angry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users Warned

A security researcher frustrated with Microsoft has released the BlueHammer Windows zero-day exploit, telling the company, “I'm not explaining how this works.” ...
Morning Overview on MSN

The average time from a vulnerability being published to a working exploit is now just 10 hours

In late May 2023, a critical flaw in the MOVEit file-transfer platform was publicly disclosed. Within hours, the Cl0p ...
Ars Technica

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor

Researchers have discovered malicious code circulating in the wild that hijacks the earliest stage boot process of Linux devices by exploiting a year-old firmware vulnerability when it remains ...

The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe ...
TweakTown

WinRAR 'high-risk' exploit discovered, make sure you update to the latest release

TL;DR: WinRAR has a critical security vulnerability (CVE-2025-6218) allowing remote code execution via directory traversal in Windows versions. This exploit risks sensitive data and system integrity.
The Hacker News

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim has released security updates to address a severe security issue affecting certain configurations that could enable ...
CSOonline

Gen AI is transforming vulnerability hunting for pen-testers and attackers alike

Large language models (LLMs) are proving to be valuable tools for discovering zero-days, bypassing detection, and writing exploit code, thereby lowering the barrier to entry for penetration testers — ...
Infosecurity-magazine.com

61% of Hackers Use New Exploit Code Within 48 Hours of Attack

In 2024, cyber-criminals have launched attacks within 48 hours of discovering a vulnerability, with 61% of hackers using new exploit code in this short timeframe. Companies faced an average of 68 days ...
Infosecurity-magazine.com

Malicious VS Code Extensions Exploit Name Reuse Loophole

A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows threat actors to reuse names of previously removed packages.