KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Bleeping Computer

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...
Dark Reading

Content Delivery Exploit Opens Websites to Brand Hijacking

The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak ...
PC World

Unpatched Microsoft Defender flaw lets hackers gain admin access

PCWorld reports on the ‘RedSun’ vulnerability in Microsoft Defender affecting Windows 10, 11, and Server systems that allows attackers to gain administrative privileges. Security researcher Chaotic ...
Dark Reading

Exploits Turn Windows Defender Into Attacker Tool

Threat actors are using three publicly available proof-of-concept exploits to attack Microsoft Defender and turn the security platform's primary cleanup and protection functions against organizations ...
Wall Street Journal

AI Is Finding Bugs That Hackers Can Exploit. Get Ready for Bugmageddon.

The software bug was capable of crashing an operating system used by firewalls, servers and network appliances. It went undetected for over 27 years. Last month, it was caught by Mythos, the latest AI ...
MacRumors

Here's How Researchers Stole $10,000 From MKBHD's Locked iPhone

An iPhone exploit that involves a linked Visa card can allow attackers to steal money from a locked device using NFC, but the process is complex, requiring physical access and specialized hardware.
TechRepublic

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft Defender and Windows users. No less than ...
Visual Studio Magazine

How to Do Web Forms in VS 2022 (Even Though Microsoft Recommends Blazor/.NET 6)

Microsoft last week set the record straight that Web Forms, part of ASP.NET from the old .NET Framework, isn't going away in Visual Studio 2022, though it recommends Blazor as a .NET 6 alternative. It ...
TechCrunch

Hackers are abusing unpatched Windows security flaws to hack into organizations

Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher over the last two weeks, according to a cybersecurity firm. On ...
TechCrunch

Adobe fixes PDF zero-day security bug that hackers have exploited for months

Adobe has patched a vulnerability in its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months. The vulnerability, ...
The Next Web

Unauthorized users gained access to Anthropic’s restricted Mythos AI model on launch day via a third-party contractor’s environment

A small group communicating via a private Discord channel accessed Claude Mythos Preview by guessing the model’s URL on the same day Anthropic announced Project Glasswing. Anthropic says it is ...