The Hacker News

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.
Computer Weekly

Boost cooks up SmokedMeat, open source framework for CI/CD pipelines protection

Boost Security has announced SmokedMeat, an open source red team framework for CI/CD pipelines that shows how attackers ...

Payouts King ransomware uses QEMU VMs to bypass endpoint security

The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on ...
TechRepublic

‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A disgruntled security researcher has made good on a threat. A security researcher going by the aliases Chaotic Eclipse and Nightmare-Eclipse published exploit code for a Windows privilege escalation ...
HHS

AI Shrinks Cyberattack Exploit Time From Years to Days

Rob T. Lee, chief AI officer and chief of research, SANS Institute Artificial intelligence has transformed cyber operations by reducing the time needed to exploit vulnerabilities - from years to days ...
Bleeping Computer

Coruna iOS exploit framework linked to Triangulation attacks

The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. The software has been ...
Gizmodo

Attacker Exploits Crypto Stablecoin for a $25 Million Payday

Over the weekend, crypto protocol Resolv, which issues the USR stablecoin, was exploited by an attacker who was able to mint nearly 80 million new USR tokens out of thin air after only putting down a ...
Infosecurity-magazine.com

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability within 20 hours, working only from the advisory description. The bug, CVE-2026 ...
9to5Mac

Google reveals another exploit chain affecting outdated iPhones

Following its recent disclosure of the Coruna exploit chain targeting older iOS versions, the company has now revealed a similar attack believed to be called DarkSword. Here are the details. A few ...
SiliconANGLE

Researchers discover zero-day DarkSword exploit chain in iOS 18

Researchers from Google LLC and two cybersecurity companies have identified a set of zero-day exploits in iOS 18. Google’s GTIG threat intelligence team, Lookout Inc. and iVerify Inc. published their ...
Dark Reading

DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike

A new iOS exploit chain is being used by attackers around the globe, and it's built for espionage actors and financially motivated attackers alike. Google, iVerify, and Lookout this week published ...
TechSpot

Hacker unveils exploit that cracks the "unbreakable" Xbox One at the silicon level

A hot potato: For more than a decade, the Xbox One stood as a remarkable exception in console security – a machine long considered impervious to hacking attempts. That reputation is now over. At the ...