Skip to main content

Hacking

Person working at desk with laptop showing ChatGPT summary page surrounded by papers.

ChatGPT Vulnerability Exposes Users to Phishing Attacks via Web Summaries

Beware of ChatGPhish, a vulnerability in ChatGPT's web summarization feature that lets hackers disguise phishing attacks as harmless links and images. This security flaw could put you at risk of falling prey to scams via web summaries.

Analyst 207
Laptop on a home office desk with a blank screen, smartphone, and notebook nearby.

Google Chrome Bolsters Defenses with Cookie Theft Protection Rollout

Google's new Cookie Theft Protection is a game-changer, tying session cookies to device hardware to prevent hackers from using stolen cookies to access your accounts. This cutting-edge tech binds user sessions to a machine's security chip, making it virtually impossible for thieves to get in.

Analyst 207
Laptop and smartphone with blurred interfaces sit on a desk in a bright office space surrounded by paperwork.

Zapier Fixes Bug Chain That Exposed Millions to Account Takeover Risk

A security firm recently uncovered a chain of five weaknesses in popular workflow automation service Zapier that could have put millions of users at risk of account takeover - and thankfully, the issue has now been fixed. The vulnerabilities were surprisingly easy to exploit, requiring only a free Zapier account to potentially gain unauthorized access to user accounts.

Analyst 207
Laptop screen shows GitHub repository with blurred username and repository name, in a softly focused CISA office background.

CISA Faces Scrutiny Over Leaked Credentials

The US Cybersecurity and Infrastructure Security Agency (CISA) is under fire after dozens of its internal credentials were accidentally exposed on a public GitHub account, sparking concerns over potential security breaches. Despite the agency's assurance that no sensitive data was compromised, lawmakers and experts are demanding answers on how this incident occurred.

Analyst 207
Windows 11 laptop on a minimalist desk with lid ajar, screen displaying ambient daylight.

Exploiting Windows Drivers Without Hardware: The BYOVD Perspective

Discover how attackers can exploit Windows drivers without hardware, turning kernel-mode driver bugs into powerful tools to bypass security controls. The Atos Threat Research Center reveals a game-changing method to manipulate reachability from userland on Windows 11 23H2.

Analyst 207
Bright office setting with a laptop and smartphone, conveying a sense of security and technology.

Apple Thwarts $2.2bn in App Store Fraud with AI-Driven Defenses

Apple's AI-powered defenses have successfully blocked a whopping $2.2 billion in App Store fraud over the past year, and a staggering $11.2 billion over six years, protecting consumers and businesses from malicious actors.

Analyst 207
Unoccupied workstation with laptop and technical equipment in a brightly-lit server room.

Google API Keys Remain Usable for 23 Minutes After Deletion

Deleting a Google API key doesn't mean it's immediately useless to hackers - in fact, our experiments show it can remain active for up to 23 minutes, allowing attackers to continue misusing it even after you've tried to revoke access.

Analyst 207
Person in casual tech outfit sits near laptop with blank screen in modern office setting.

HackerOne Slashes Bug Bounty Rewards Amid AI-Driven Report Surge

HackerOne's Internet Bug Bounty program has slashed payouts, with medium-severity vulnerabilities now earning just $297, down from $1,843, and critical ones fetching $2,257, down from $9,250. The program is currently on pause as the company retools its rewards structure.

Analyst 207
Rows of rack-mounted computer equipment in a dimly lit server room with cables and muted warning signs.

Linux Rootkits Persist in Updated Forms

A single misstep with an over-privileged or poorly designed agent can quickly spiral into a serious incident, making the UK National Cyber Security Centre's warning feel alarmingly relevant. This urgency was underscored at Pwn2Own Berlin, where researchers exploited 47 zero-day flaws, raking in over $1.2 million in rewards.

Analyst 207
Ordinary office setting with interconnected devices and a central computer screen displaying a blurred network map.

Identity Exposures Form Highways for Cyber Attacks

A single compromised identity can become a superhighway for cyber attacks, giving hackers access to nearly every critical workload a business relies on - as seen in a recent incident where a cached AWS access key on one Windows machine put 98% of the company's cloud environment at risk. Identity has become the ultimate attack path, carrying with it a multitude of permissions just waiting to be exploited.

Analyst 207
A Flipper One device sits on a workbench surrounded by development tools and engineering notes.

Flipper Devices Seeks Community Help to Build Open Linux Platform

Join the mission to revolutionize hardware experimentation with Flipper Devices' new Linux platform, Flipper One, a high-performance tool for networking, AI, and radio analysis that's getting a boost from community collaboration. By pooling their expertise, the community can help bring this game-changing platform to life.

Analyst 207
Developer working on laptop in modern workspace with code snippets and technical diagrams nearby.

Microsoft Unveils AI-Powered Red Teaming Tools to Bolster Software Security

Microsoft is shifting the conversation around AI safety from philosophical debates to hands-on action, empowering developers to build more secure software with innovative tools. With the launch of Rampart, a cutting-edge red-teaming tool, the company is putting AI-powered security into practice, helping developers proactively identify and fix vulnerabilities.

Analyst 207
Developer working on laptop surrounded by notes and diagrams in a collaborative workspace.

Microsoft Bolsters AI Security with Open-Source RAMPART and Clarity Tools

Microsoft's new open-source tools, RAMPART and Clarity, empower product managers and engineers to stress-test AI security assumptions early on, saving months of potential rework and costly mistakes. With RAMPART, developers can write and run safety tests to identify vulnerabilities in AI agents, covering both adversarial and benign threats.

Analyst 207
Person interacting with laptop and smartphone at a cluttered desk.

Device Security Must Complement Identity to Thwart Modern Threats

Authentication is no longer enough to guarantee security - even with multi-factor authentication in place, phishing kits can capture session tokens, allowing attackers to bypass security checks undetected. As a result, device security must step up to complement identity and prevent modern threats.

Analyst 207
MacBook on a desk with Microsoft Teams open, surrounded by office items.

Microsoft Teams Hit by macOS Update Glitch

If you're a macOS user of Microsoft Teams, you might have encountered a frustrating glitch - a location-permission dialog that just won't go away, no matter how many times you click "Don't Allow". This annoying issue started surfacing on May 11, with some users reporting they had to click "Don't Allow" up to 20 times in a row.

Analyst 207
Modern office interior with robotic system component in foreground and blurred server room in background.

AI Agents Expose Blind Spots in APAC Enterprise Security

Attackers are now targeting AI agents embedded within APAC enterprises, exploiting weaknesses in non-human identities to gain access to sensitive systems, data, and workflows. This emerging threat highlights a significant blind spot in enterprise security, one that's ripe for exploitation by malicious actors.

Analyst 207
Security analyst working at a workstation surrounded by screens in a bright operations center.

Phishing Attacks Expose Gaps in Early Detection

In just 40 seconds, ANY.RUN's interactive sandbox exposed the full attack chain of a phishing attack, revealing redirects, fake pages, and signs of possible remote access. This game-changing tool helps teams detect phishing threats early, providing concrete evidence of business exposure before it's too late.

Analyst 207
Security researchers work at computer stations in a brightly-lit conference setting.

Security Researchers Exploit 47 Zero-Days for $1.3 Million at Pwn2Own Berlin

In a stunning display of cybersecurity prowess, researchers at Pwn2Own Berlin 2026 exploited a whopping 47 zero-day flaws, raking in a total of $1.3 million in just three days. The competition saw contestants disclose and exploit vulnerabilities in top enterprise and AI-facing products, earning daily payouts of $523,000, $385,750, and $389,500.

Analyst 207
Brightly-lit conference room with rows of seating and a prominent stage.

Hackers Disrupt Microsoft Exchange, Windows 11 at Pwn2Own Contest

Security researchers just scored big at Pwn2Own Berlin 2026, raking in $385,750 for exploiting 15 zero-day vulnerabilities in top tech targets like Microsoft Exchange and Windows 11. The contest, running from May 14-16, offers up to $1 million in prizes for hacking the latest enterprise technologies.

Analyst 207
Windows 11 workstation on a clutter-free desk in an office setting.

Bitdefender Exposes Hidden Attack Surface in Trusted Tools

Did you know that 84% of high-severity incidents involve the abuse of trusted tools, making them nearly invisible to traditional security measures? This shocking statistic highlights the alarming ease with which attackers can hide in plain sight, using legitimate tools against you.

Analyst 207
Person working on laptop in modern office setting, conveying security and technology.

Akamai Bolsters AI Browser Security with $205M LayerX Acquisition

Akamai is taking browser security to the next level with its $205 million acquisition of LayerX, a cutting-edge startup that's changing the game with its innovative approach to securing interactions between users and applications. By integrating LayerX's technology, Akamai is bolstering its security stack to protect the increasingly AI-driven and cloud-based world.

Analyst 207
Smartphone on a neutral surface with a blurred cityscape background and a subtle lock icon on the screen, conveying…

Google Unveils Spyware Forensics Tool for High-Risk Android Users

Google's new Android Intrusion Logging tool helps high-risk users detect spyware attacks by recording suspicious activity, but raises concerns about sensitive data sharing and consent. To use it effectively, users must balance protection with secure log sharing and informed consent.

Analyst 207
Brightly-lit tech company headquarters with server room interior and security hint.

AWS Discloses Flaw in Quick Access Control

AWS swiftly addressed a security flaw in Quick Access, discovered by Fog Security, which could have allowed unauthorized users to bypass access controls, and fortunately, no customer data was compromised. The issue was resolved in March 2026, with no action required from customers.

Analyst 207
Developer workstation with laptop and office supplies in a bright, minimalist room.

Claude Code Attack Persists Through Token Rotation Flaw

A surprising lack of resistance to a proof-of-concept attack has exposed a vulnerability in Claude Code, allowing a five-step attack chain that can turn routine token rotation into a continuous compromise. This exploit requires just one malicious npm package and the ability to run code on a developer's machine, making it a concerning threat.

Analyst 207