Hackers Exploit Meta's AI Chatbot To Hijack Prominent Instagram Accounts
…With that change in place the hacker can receive a one-time security code and change the password to the account. The one hoop the bad actors had to jump through was…
…Specifically, they used the model to write code that links together two macOS bugs in a way that resulted in what is known as a privilege escalation exploit. The security researchers said…
…coding agents. On the third and final day of the contest, the competitors hacked Windows 11 and Red Hat Enterprise Linux for Workstations again, and used a memory corruption bug to exploit…
…Last month, security researcher Chaotic Eclipse (aka Nightmare-Eclipse) published two zero-day exploits, BlueHammer and RedSun, that made Windows Defender offer up system administrator privileges. They did this after their disclosure…
…Software is finite; it has a finite number of defects, and some security defects are more important than others. The more we can eliminate the vulnerabilities, the fewer that can be exploited…
…To begin, we’ve released Claude Security in public beta for Claude Enterprise customers. It’s a tool that helps teams scan their codebases for vulnerabilities, and which can generate proposed fixes…
…As we've seen with Windows, only one of the recent exploits courtesy of Nightmare-Eclipse has been patched, but not before the security holes and exploits were publicly disclosed. Tags: Linux…
This is something that has been bouncing around my head for the past couple weeks with the flood of security-related news around Mythos and the number of 0days being found. Microkernels, unikernels, hardware-enforced capa…
For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this: Most startups call a security engineer or hire a security agency only when…
The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …
I've been running a small fleet of honeypots for about a year. They get hit by a mix of research scanners (Censys, Shadowserver, etc.), old worms, and a bump of CVE probes the day a new Nuclei template ships. The data wa…
…This exploit leverages a downgrade attack to pry open drives, exploiting the gap between software patching and certificate revocation. Rooted in CVE-2025-48804, a vulnerability patched in July 2025, the flaw…
…and validate vendor patches." It's worth clarifying that this script requires local access to a machine running Linux, and that the security vulnerability is not an example of remote code execution…
…and addressed before public disclosure, supporting both customer protection and the security research community." It's a rather boilerplate response, and security communities are understandably upset about the leaked exploit and Microsoft…