2160 items
Unread (2150) All Dismissed
HIGH
CVE-2025-41266 (CVSS 7.2) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41266 8d ago
HIGH
CVE-2025-41265 (CVSS 7.2) — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS ...
NVD CVE-2025-41265 8d ago
INFO
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
The Hacker News supply-chainbreachesmalware +19 4h ago
INFO
VoidStealer Malware Darts Past Google Chrome's Encryption
rss:darkreading 30d ago
INFO
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
The Hacker News 24d ago
INFO
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
rss:googleprojectzero 24d ago
INFO
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
SecurityWeek 16d ago
INFO
Google accidentally exposed details of unfixed Chromium flaw
BleepingComputer 15d ago
INFO
Google API Keys Remain Active After Deletion
rss:darkreading 15d ago
INFO
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
The Hacker News 10d ago
INFO
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
SecurityWeek 9d ago
INFO
US charges Google security engineer with Polymarket insider trading
BleepingComputer 8d ago
INFO
Google Chrome adds session cookie theft protection for all users
BleepingComputer 8d ago
INFO
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
The Hacker News 5d ago
INFO
Google fixes one actively exploited Android zero-day, 124 flaws
BleepingComputer 4d ago
INFO
Google adds Android protection against AI deepfake scam calls
BleepingComputer 3d ago
INFO
Malicious Notifications Could Trick Google Gemini Users
rss:darkreading 3d ago
INFO
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
The Hacker News 2d ago
INFO
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
The Hacker News 2d ago
INFO
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
The Hacker News 2d ago
INFO
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
The Hacker News 2d ago
INFO
Gemini Voice Assistant Hijacked via Messaging Notifications
SecurityWeek 1d ago
INFO
'The Com' Cyberattacks Support Violence & Sexploitation
rss:darkreading breachesmalwarethreat-actors 8d ago
INFO
CISA Adds One Known Exploited Vulnerability to Catalog
rss:cisa-advisories actively-exploitedadvisories 8d ago
INFO
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
The Hacker News supply-chainbreachesmalware 8d ago
HIGH
CVE-2026-46579 (CVSS 7.4) — A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Al...
NVD CVE-2026-46579 8d ago
HIGH
CVE-2026-42965 (CVSS 7.7) — A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vu...
NVD CVE-2026-42965 8d ago
HIGH
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
The Hacker News supply-chainbreachesmalware +19 19d ago
INFO
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
rss:darkreading 25d ago
INFO
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
rss:darkreading 24d ago
INFO
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
The Hacker News 24d ago
INFO
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
The Hacker News 24d ago
INFO
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
The Hacker News 21d ago
INFO
Can Laws Stop Deepfakes? South Korea Aims to Find Out
rss:darkreading 19d ago
INFO
Processes and Culture Top Reasons Behind Data Breaches
rss:darkreading 16d ago
INFO
When Identity is the Attack Path
The Hacker News 16d ago
INFO
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The Hacker News 15d ago
INFO
Meta settles school district lawsuit claiming addictive design harmed students' mental health
The Record 14d ago
INFO
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
The Hacker News 14d ago
INFO
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
The Hacker News 11d ago
INFO
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Hacker News 11d ago
INFO
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
SecurityWeek 10d ago
INFO
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
SecurityWeek 8d ago
INFO
California AG sues 23andMe over 2023 breach exposing health data
BleepingComputer 7d ago
INFO
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
SecurityWeek 2d ago
INFO
Chrome 149 Patches 429 Vulnerabilities
SecurityWeek 1d ago
INFO
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The Record 22h ago
INFO
Man sent to prison for selling data of 7 millions elderly Americans
BleepingComputer breachesransomwaresupply-chain 8d ago
INFO
Chilling Effects
rss:schneier analysispolicynation-state 8d ago
INFO
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
The Hacker News supply-chainbreachesmalware 8d ago
INFO
Chrome 148 Update Patches 151 Vulnerabilities
SecurityWeek breachesransomwaresupply-chain 8d ago
HIGH
CVE-2026-6075 (CVSS 8.1) — The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers...
NVD CVE-2026-6075 8d ago
CRITICAL
CVE-2026-49199 (CVSS 9.8) — Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the t...
NVD CVE-2026-49199 8d ago
HIGH
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
The Hacker News supply-chainbreachesmalware +16 17d ago
INFO
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 35d ago
INFO
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 25d ago
HIGH
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 22d ago
HIGH
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 19d ago
HIGH
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 19d ago
HIGH
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 18d ago
HIGH
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 18d ago
INFO
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 17d ago
INFO
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 12d ago
INFO
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 8d ago
INFO
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 4d ago
INFO
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 4d ago
INFO
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 4d ago
INFO
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 1d ago
INFO
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 1d ago
INFO
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 18h ago
INFO
Hackers Leak DentaQuest Information Impacting 2.6 Million
SecurityWeek breachesransomwaresupply-chain +11 1d ago
INFO
Instructure Breach Exposes Schools' Vendor Dependence
rss:darkreading 30d ago
INFO
ShinyHunters Claims Second Attack Against Instructure
rss:darkreading 28d ago
INFO
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
The Hacker News 25d ago
INFO
Congress Puts Heat on Instructure After Canvas Outage
rss:darkreading 21d ago
INFO
7-Eleven confirms breach after ShinyHunters claims
The Record 16d ago
INFO
7-Eleven data breach exposes personal information of 185,000 people
BleepingComputer 11d ago
INFO
185,000 Likely Impacted by 7-Eleven Data Breach
SecurityWeek 11d ago
INFO
Charter confirms data breach after ShinyHunters extortion threat
BleepingComputer 10d ago
INFO
Carnival Cruise confirms data breach affecting nearly 6 million people
BleepingComputer 9d ago
INFO
Charter Communications data breach affects 4.9 million accounts
BleepingComputer 8d ago
INFO
Charter Communications Data Breach Could Impact Nearly 5 Million
SecurityWeek 7d ago
CRITICAL
CVE-2026-3655 (CVSS 9.8) — The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authenticati...
NVD CVE-2026-3655 8d ago
HIGH
CVE-2025-11262 (CVSS 7.2) — The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user...
NVD CVE-2025-11262 8d ago
CRITICAL
CVE-2026-8732 (CVSS 9.8) — The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account...
NVD CVE-2026-8732 +1 8d ago
INFO
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
SecurityWeek 4d ago
HIGH
CVE-2025-11993 (CVSS 8.8) — The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object...
NVD CVE-2025-11993 8d ago
INFO
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
The Hacker News supply-chainbreachesmalware 8d ago
INFO
Anthropic confirms Claude Mythos-class models will roll out to the public
BleepingComputer breachesransomwaresupply-chain 8d ago
CRITICAL
CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (Palo Alto Networks PAN-OS)
CISA KEV CVE-2026-0257actively-exploited +5 8d ago
CRITICAL
CVE-2026-0257 (CVSS 9.1) — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks ...
NVD 23d ago
INFO
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
The Hacker News 7d ago
INFO
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
BleepingComputer 6d ago
INFO
Recent Palo Alto Networks Vulnerability Exploited for Weeks
SecurityWeek 5d ago
INFO
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
rss:unit42 22h ago
HIGH
CVE-2026-9946 (CVSS 8.3) — Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had c...
NVD CVE-2026-9946 8d ago
HIGH
CVE-2026-9940 (CVSS 8.8) — Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to ...
NVD CVE-2026-9940 8d ago
HIGH
CVE-2026-9887 (CVSS 8.8) — Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execut...
NVD CVE-2026-9887 8d ago
HIGH
CVE-2026-9877 (CVSS 8.3) — Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had c...
NVD CVE-2026-9877 8d ago
CRITICAL
CVE-2026-9874 (CVSS 9.6) — Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potenti...
NVD CVE-2026-9874 8d ago
CRITICAL
CVE-2026-8809 (CVSS 9.8) — The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via ...
NVD CVE-2026-8809 8d ago
HIGH
CVE-2026-10019 (CVSS 8.8) — Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak...
NVD CVE-2026-10019 8d ago
HIGH
CVE-2026-10012 (CVSS 8.3) — Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had co...
NVD CVE-2026-10012 8d ago
HIGH
CVE-2026-10002 (CVSS 8.8) — Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to poten...
NVD CVE-2026-10002 8d ago
INFO
As Global Powers Explore Humanoid Robots, Cyber-Risk Looms
rss:darkreading breachesmalwarethreat-actors 8d ago
INFO
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
BleepingComputer breachesransomwaresupply-chain +1 8d ago
INFO
Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks
SecurityWeek 8d ago
HIGH
CVE-2026-48116 (CVSS 7.5) — AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe...
NVD CVE-2026-48116 8d ago
HIGH
CVE-2026-44883 (CVSS 7.5) — Portainer Community Edition is a lightweight service delivery platform for containerized application...
NVD CVE-2026-44883 8d ago
CRITICAL
CVE-2026-44881 (CVSS 9.9) — Portainer Community Edition is a lightweight service delivery platform for containerized application...
NVD CVE-2026-44881 8d ago
HIGH
CVE-2026-44849 (CVSS 8.8) — Portainer Community Edition is a lightweight service delivery platform for containerized application...
NVD CVE-2026-44849 8d ago
HIGH
CVE-2026-44848 (CVSS 8.8) — Portainer Community Edition is a lightweight service delivery platform for containerized application...
NVD CVE-2026-44848 8d ago
HIGH
CVE-2026-39929 (CVSS 7.5) — Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-...
NVD CVE-2026-39929 8d ago
HIGH
CVE-2026-10044 (CVSS 7.5) — Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GE...
NVD CVE-2026-10044 8d ago
MEDIUM
CVE-2026-49093 (CVSS 6.3) — Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector manag...
NVD CVE-2026-49093 8d ago
CRITICAL
CVE-2026-46840 (CVSS 10) — Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions th...
NVD CVE-2026-46840 8d ago
CRITICAL
CVE-2026-46839 (CVSS 9.9) — Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected ...
NVD CVE-2026-46839 8d ago
HIGH
CVE-2026-46837 (CVSS 8.8) — Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Securi...
NVD CVE-2026-46837 8d ago
HIGH
CVE-2026-46835 (CVSS 7.5) — Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are a...
NVD CVE-2026-46835 8d ago
HIGH
CVE-2026-46834 (CVSS 7.5) — Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are a...
NVD CVE-2026-46834 8d ago
CRITICAL
CVE-2026-46833 (CVSS 9) — Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are a...
NVD CVE-2026-46833 8d ago
INFO The Hacker News Sat, 06 Jun 2026 07:28:30 UTC
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html
TL;DR
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for 42
supply-chainbreachesmalwarezero-day
Read full story ↗
Related coverage (19)
VoidStealer Malware Darts Past Google Chrome's Encryption
rss:darkreading 30d ago
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
The Hacker News 24d ago
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
rss:googleprojectzero 24d ago
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
SecurityWeek 16d ago
Google accidentally exposed details of unfixed Chromium flaw
BleepingComputer 15d ago
Google API Keys Remain Active After Deletion
rss:darkreading 15d ago
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
The Hacker News 10d ago
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
SecurityWeek 9d ago
US charges Google security engineer with Polymarket insider trading
BleepingComputer 8d ago
Google Chrome adds session cookie theft protection for all users
BleepingComputer 8d ago
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
The Hacker News 5d ago
Google fixes one actively exploited Android zero-day, 124 flaws
BleepingComputer 4d ago
Google adds Android protection against AI deepfake scam calls
BleepingComputer 3d ago
Malicious Notifications Could Trick Google Gemini Users
rss:darkreading 3d ago
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
The Hacker News 2d ago
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
The Hacker News 2d ago
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
The Hacker News 2d ago
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
The Hacker News 2d ago
Gemini Voice Assistant Hijacked via Messaging Notifications
SecurityWeek 1d ago