New Fragnesia Linux flaw lets attackers gain root privileges
…CISA added Copy Fail to its catalog of flaws exploited in attacks on May 1 and ordered federal agencies to secure their Linux systems within two weeks, by May 15. "This type…
…Google released Android's May security bulletin, which fixes 10 vulnerabilities. Ivanti released security updates for a high-severity Endpoint Manager Mobile (EPMM) remote code execution vulnerability, which was exploited in zero…
…part of a USENIX Security 2026 paper, describing the exploit as fully deterministic with a 100% success rate, without a need for physical access and no code execution inside the victim VM…
Patches: Ancient Excel bug comes out of retirement for active attacks. Vuln old enough to drive lands on CISA's exploited list. While Microsoft was rolling out its bumper Patch Tuesday updates…
This is something that has been bouncing around my head for the past couple weeks with the flood of security related news around Mythos and the number of 0days being found. Microkernels, unikernels, hardware-enforced capa…
For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this: Most startups call a security engineer or hire a security agency only when…
The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …
I've been running a small fleet of honeypots for about a year. They get hit by a mix of research scanners (Censys, Shadowserver, etc.), old worms, and a bump of CVE probes the day a new Nuclei template ships. The data wa…
With April's Patch Tuesday hitting just yesterday, Microsoft released updates to address 167 security vulnerabilities. This is the second highest number of vulnerabilities ever patched on a Patch Tuesday (beat out…
…Find My Network Exploited to Send Messages. An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher. Security…
A newly published proof-of-concept (PoC) exploit has renewed attention on a Windows vulnerability that researchers say may not have been fully resolved despite an earlier security fix from Microsoft. The…
…Endpoint security firm Huntress confirmed active exploitation before the patches existed. What the two zero-days do: The more severe of the two, CVE-2026-41091, carries a CVSS score of 7…
…A security researcher named ichfly was poking around the console's backwards-compatible DS mode, and discovered what ultimately became the first major 3DS exploit. The 3DS had full hardware and software…
…Build agentic AI security skills with the GitHub Secure Code Game. Learn to find and exploit real-world agentic AI vulnerabilities through five progressive challenges in this free, open source game that…