The Hacker News

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...

Top download manager JDownloader hacked — installers replaced with dangerous malware

Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.

Google: Hackers used AI to develop zero-day exploit for web admin tool

Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web ...
Hosted on MSN

From Karel to picoCTF: You Can Win Your First Python CTF in 2026

The 2026 picoCTF competition has officially expanded with more challenges than ever before, yet the transition from the block-based logic of Karel to the raw Python scripting required for CTFs remains ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web

Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases ...

US CISA adds ‘insane’ Linux Copy Fail flaw to watch list

Malicious actors with code execution capability may gain root access on Linux systems using as few as 10 lines of Python, according to a researcher.
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Dark Reading

UNC6692 Combines Social Engineering, Malware, Cloud Abuse

A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged ...
TechCrunch

Unauthorized group has gained access to Anthropic’s exclusive cyber tool Mythos, report claims

A group of unauthorized users has reportedly gained access to Mythos, the cybersecurity tool recently announced by Anthropic. Much has been made of Mythos and its purported power — an AI product ...