The Hacker News

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Adobe Reader zero-day exploited since Dec 2025 via malicious PDFs, enabling data theft and potential RCE, prompting urgent ...
Infosecurity Magazine

Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings

OS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script ...
SecurityWeek

Adobe Reader Zero-Day Exploited for Months: Researcher

A researcher has come across what appears to be an actively exploited Adobe Acrobat and Reader zero-day vulnerability.
SecurityWeek

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

Hackers have been targeting a critical file upload flaw in an addon for the Ninja Forms WordPress plugin that leads to remote ...

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone ...

What Is Claude Mythos—And Why Anthropic Won’t Let Anyone Use It

Anthropic Built an AI So Good That It Won’t Let Anyone Use It. Here’s Everything You Need to Know About Claude Mythos.
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
XDA Developers on MSN

Flatpak 1.16.4 patches a critical flaw that gave apps full host access

Grab the update as soon as you can.

Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files ...
Developer Tech

AI code scanners halt Internet Bug Bounty payouts

The Internet Bug Bounty program has paused new submissions, citing a massive expansion in vulnerability discovery by AI code ...