PCWorld reports on the ‘BlueHammer’ zero-day vulnerability that allows attackers to potentially take over Windows computers through privilege escalation. A frustrated security researcher published the ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...

Drift Protocol said with “medium-high confidence” that the recent attack was carried out by the same actors responsible for the $58 million Radiant Capital hack in October 2024. Drift Protocol, the ...

Drift Protocol initiated onchain contact with wallets tied to the $280 million exploit as an unknown sender also attempts to pressure the attacker. Drift Protocol, a Solana-based decentralized ...

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. Dubbed ...

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. At least 766 hosts across various cloud ...

A disgruntled security researcher has made good on a threat. A security researcher going by the aliases Chaotic Eclipse and Nightmare-Eclipse published exploit code for a Windows privilege escalation ...

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to ‘DarkSword’ Exploit Your email has been sent In a rare move, Apple is rewriting its own security playbook to stop a fast-spreading ...

Rob T. Lee, chief AI officer and chief of research, SANS Institute Artificial intelligence has transformed cyber operations by reducing the time needed to exploit vulnerabilities - from years to days ...

A six-month intelligence operation preceded the $270 million exploit of Drift Protocol and was carried out by a North Korean state-affiliated group, according to a detailed incident update published ...

Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, ...