CoinDesk

Aave rallies DeFi partners to contain fallout from $292 million KelpDAO hack

Industry players are coordinating a recovery effort as the year's biggest crypto theft rattled Aave, with Lido and EtherFi ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Cybercriminals are tricking AI into leaking your data, executing code, and sending you to malicious sites. Here's how.

5 AI Models Tried to Scam Me. Some of Them Were Scary Good

Not all of the schemes were convincing, and the models sometimes got confused, started spouting gibberish that would give ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
Morningstar

Azul Shows That Mean Time to Exploit Java Vulnerabilities Drops to Five Days

Azul webinar series examines the hidden security, compliance and productivity costs of free Java runtimes Azul, the trusted leader in enterprise Java for today’s AI and cloud-first world, today ...
TechCrunch

Someone has publicly leaked an exploit kit that can hack millions of iPhones

Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now someone has leaked a newer version of DarkSword and ...
Bleeping Computer

Ransomware gang exploits Cisco flaw in zero-day attacks since January

The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since ...
Android Authority

New Qualcomm exploit chain brings bootloader unlocking freedom to Android flagships (Updated: Statement)

A vulnerability in Qualcomm’s Android Bootloader implementation allows unsigned code to run via the “efisp” partition on Android 16 devices. This is paired with a “fastboot” command oversight to ...