The Hacker News

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.

New Mirai campaign exploits RCE flaw in EoL D-Link routers

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...
TechRepublic

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet Your email has been sent Attackers have been exploiting a zero-day vulnerability in Adobe Acrobat ...
Forbes

AI Just Hacked One Of The World's Most Secure Operating Systems

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. An autonomous agent found, analyzed and exploited a FreeBSD kernel vulnerability in four ...
InfoWorld

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and then suggested ways to exploit them. Developers can spend days using fuzzing ...
CSOonline

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch deadline. Attackers have exploited a critical Langflow RCE within hours of ...
Dark Reading

DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike

A new iOS exploit chain is being used by attackers around the globe, and it's built for espionage actors and financially motivated attackers alike. Google, iVerify, and Lookout this week published ...
GitHub

exchange_proxylogon_rce.rb

commands on the remote Microsoft Exchange Server. This vulnerability affects (Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, ...
SecurityWeek

CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List

The US cybersecurity agency CISA on Thursday expanded the Known Exploited Vulnerabilities (KEV) list with five flaws, including three bugs targeted by the nation-state-grade Coruna iOS exploit kit.
SecurityWeek

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns. Multiple iOS exploits and five exploit chains ...
TechRepublic

Hackers Used New Exploit Kit to Compromise Thousands of iPhones

Hackers Used New Exploit Kit to Compromise Thousands of iPhones Your email has been sent An iOS exploit framework has revealed how advanced mobile attack tools can move rapidly from surveillance ...