AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade ...
SecurityWeek

Supply Chain Attack Hits 32 Red Hat NPM Packages

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. On Monday, hackers hit Red Hat’s NPM repository in a new supply chain attack, ...
The Hacker News

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

DxSale drained for $7.3M in BNB Chain liquidity exploit

DxSale was hit by a $7.3 million exploit that affected at least 1,400 liquidity providers on the BNB chain, adding to the mounting concerns around the DeFi industry’s cybersecurity.
Ars Technica

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
CoinTelegraph

THORChain pauses trading after suspected $10M exploit

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after ...
TechSpot

A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it

The Epitome of WTF: A researcher known as "Nightmare-Eclipse" recently released YellowKey, a security vulnerability that allegedly enables a full bypass of BitLocker's full-volume encryption. The ...
Ars Technica

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.
The New York Times

Google Says Criminal Hackers Used A.I. to Find a Major Software Flaw

The company said that it had identified, for the first time, hackers using artificial intelligence to discover an unknown bug. The attempted attack represents “a taste of what’s to come,” one expert ...
PC World

Unpatched Microsoft Defender flaw lets hackers gain admin access

PCWorld reports on the ‘RedSun’ vulnerability in Microsoft Defender affecting Windows 10, 11, and Server systems that allows attackers to gain administrative privileges. Security researcher Chaotic ...
MacRumors

Here's How Researchers Stole $10,000 From MKBHD's Locked iPhone

An iPhone exploit that involves a linked Visa card can allow attackers to steal money from a locked device using NFC, but the process is complex, requiring physical access and specialized hardware.
Wall Street Journal

AI Is Finding Bugs That Hackers Can Exploit. Get Ready for Bugmageddon.

The software bug was capable of crashing an operating system used by firewalls, servers and network appliances. It went undetected for over 27 years. Last month, it was caught by Mythos, the latest AI ...