Dark Reading

Exploits Turn Windows Defender into Attacker Tool

Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are ...
Microsoft

Detection strategies across cloud and identities against infiltrating IT workers

The shift to remote and hybrid work since the pandemic expanded global hiring and accelerated digital onboarding, increasing ...
Blockonomi

$606 Million Lost: April 2026 Becomes the Worst Month for Crypto Exploits

Crypto exploits totaling $606 million hit the market across 12 incidents in just 20 days during April 2026. This makes it the ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...

Arbitrum freezes $71M ETH in Kelp DAO hack as DeFi fallout grows

Arbitrum has frozen over $71 million in ETH tied to the Kelp DAO exploit in a bid to mitigate losses. According to a Tuesday ...
CoinDesk

North Korea’s crypto heist playbook is expanding and DeFi keeps getting hit

More than $500 million was siphoned across the Drift and Kelp exploits in just over two weeks. What once looked like isolated ...

LayerZero says Kelp setup enabled exploit, as Aave loss questions mount

LayerZero said Kelp’s DVN setup caused the $290 million exploit, as investors remain concerned about which protocol would take responsibility for the losses.
CoinDesk

Kelp DAO claims LayerZero’s 'default' settings are what actually caused the massive $290 million disaster

The liquid restaking protocol said the compromised verifier was LayerZero's own infrastructure, and the setup it was faulted ...
TechRound

What Do AI Experts Think About Claude Mythos?

Anthropic announced Claude Mythos Preview earlier this month, presenting it as a frontier model with cyber skills that ...
The Hacker News

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Three Defender zero-days exploited since April 10, 2026, enabling privilege escalation and DoS, forcing isolation of affected ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
Dark Reading

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration ...