The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Active React2Shell exploitation uses malicious NGINX configurations to hijack web traffic, targeting Baota panels, Asian TLDs ...
The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.
Dark Reading

Attackers Exploit Zero-Day in End-of-Life D-Link Routers

Attackers are actively exploiting a zero-day vulnerability in multiple discontinued D-Link DSL gateway devices to execute arbitrary shell commands on affected products. Most of the gateways under ...

ACF plugin bug gives hackers admin on 50,000 WordPress sites

A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be ...
Hosted on MSN

Microsoft Copilot reprompt exploit allowed attackers to steal your AI data

Data security research firm Varonis Threat Labs has published a report that details an exploit it calls "Reprompt" that allowed attackers to silently steal your personal data via Microsoft Copilot.