Hackers are abusing unpatched Windows security flaws to hack into organizations

A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit ...
CSO Online

Another Microsoft Defender privilege escalation bug emerges days after patch

New PoC shows how Microsoft Defender can be tricked into rewriting malicious files into protected locations, enabling ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges

A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, ...
Dark Reading

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration ...
The Hacker News

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...
TMCnet

AI-Driven Risks Accelerate Enterprise Encryption Overhaul

Quantum Secure Encryption (CSE: QSE) (OTCQB: QSEGF) (FSE: VN8) just launched QPA v2, an enterprise platform that helps large organizations find the weak spots in their encryption and build a clear ...
TMCnet

DoveRunner Extends Industry-Leading App Protection to Apple TV, Bringing Enterprise-Grade tvOS Security to Streaming and B2B Applications

The Apple TV ecosystem presents a distinct and underserved threat landscape. Unlike iOS, where mature security tooling is widely available, tvOS applications have historically operated with minimal ...
SecurityWeek

Critical Flowise Vulnerability in Attacker Crosshairs

Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.
Android Authority

A severe iPhone exploit is now public, and anyone can use it

DarkSword, a serious iPhone exploit kit, just leaked on GitHub. If your device is running iOS 18.4 through 18.7 — or legacy versions 15.8.7 or 16.7.15 — you’re vulnerable. Contacts, messages, call ...
Mashable

iPhone exploit DarkSword has been released in the wild: How to protect yourself

iPhone users should be on alert: DarkSword spyware has been posted in the wild. Credit: Cheng Xin/Getty Images DarkSword, the web-based hacker tool that can be used to steal data from millions of ...