The Hacker News

From Exposure to Exploitation: How AI Collapses Your Response Window

AI compresses cyberattack timelines—32% of flaws exploited day-zero, phishing up 1,265%, forcing shift to CTEM defense models.
Dark Reading

Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot

CVE-2026-2329 allows unauthenticated root-level access to SMB phones, so attackers can intercept calls, commit toll fraud, and impersonate users.
Tech Times

Hidden Claude Desktop Extension Flaw Could Let Hackers Seize Your PC

Security researchers warn that Claude Desktop Extensions may allow zero-click prompt injection attacks, potentially leading to remote code execution and full system compromise.
SecurityWeek

New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISA’s KEV Catalog

The cybersecurity of business is not the function of CISA. CISA’s remit is to raise the security of FECB agencies, and KEV is ...
The Hacker News

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

Key cyber updates on ransomware, cloud intrusions, phishing, botnets, supply-chain risks, and nation-state threat activity.
TechCrunch

Apple alerts exploit developer that his iPhone was targeted with government spyware

Earlier this year, a developer was shocked by a message that appeared on his personal phone: “Apple detected a targeted mercenary spyware attack against your iPhone.” “I was panicking,” Jay Gibson, ...
ZDNet

This new Android exploit can steal everything on your screen - even 2FA codes

Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...
The Verge

Unity discloses a years-old security exploit and urges developers to update their games

Unity has fixes ready to go, and Valve has released an updated version of Steam, too. Unity has fixes ready to go, and Valve has released an updated version of Steam, too. is a senior reporter ...
Computer Weekly

Commvault users told to patch two RCE exploit chains

Data backup and replication specialist Commvault has issued patches covering off four vulnerabilities in its core software product that, left unaddressed, could be combined to achieve two distinct ...
Forbes

WhatsApp Security — New $1 Million 0-Click Messaging Exploit

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Twice every year, some of the best hackers on the planet get ...
Ars Technica

SharePoint vulnerability with 9.8 severity rating under exploit across globe

Authorities and researchers are sounding the alarm over the active mass exploitation of a high-severity vulnerability in Microsoft SharePoint Server that’s allowing attackers to make off with ...
CSOonline

Exploit details released for Citrix Bleed 2 flaw affecting NetScaler

Amid confusing reports about Citrix NetScaler exploits in the wild, researchers offer technical analyses and indicators of compromise for one of the vulnerabilities dubbed Citrix Bleed 2 that can lead ...