Hackers Earn $1.3M For 47 Zero-Days At Pwn2Own Berlin
Security researchers just pocketed $1.3M for discovering 47 zero-day vulnerabilities at Pwn2Own Berlin. The hunt for critical flaws continues to pay off big.
Read More
Grafana Labs Confirms GitHub Account Breach
Grafana Labs confirms GitHub account breach — full codebase accessed. No customer data stolen, operations unaffected, and zero ransom paid.
WordPress Plugin Flaw Exposes 200K Sites To Takeover
CRITICAL: 200,000+ WordPress sites exposed to full account takeover via Burst Statistics plugin flaw. Authentication bypass vulnerability now being exploited in the wild.
Fast16 Malware Falsified Nuclear Simulation Test Results
Fast16 malware didn’t target nukes—it targeted trust. By falsifying simulation data, attackers convinced engineers their tests were failing when they weren’t.
AI-Generated Holocaust Imagery Threatens Historical Truth
AI-generated Holocaust imagery is rewriting history in real-time. The distortion of documented atrocities through synthetic media poses grave risks to truth.
AI Bug Hunters Overwhelm Linux Security Mailing List
Linus Torvalds calls out AI bug hunters flooding Linux security lists with duplicate reports. Same tools finding same bugs = chaos for maintainers.
Weekly Malware Roundup: JDownloader Hack & TrickMo Threat
JDownloader site compromised to distribute Python RAT. New TrickMo variant targets banking apps. Mr_Rot13 exploits CVE for backdoor access. Weekly malware roundup.
NGINX CVE-2026-42945 Actively Exploited in the Wild
Critical NGINX vulnerability CVE-2026-42945 now under active attack. Heap buffer overflow affects versions 0.6.27-1.30.0. CVSS 9.2. Patch immediately.
Physical Phishing Letters Target Ledger Crypto Users
Scammers are now sending physical phishing letters to Ledger users. The attack uses QR codes to steal crypto seed phrases. Old-school mail meets new-school scams.
Grafana Labs Breach: Hackers Steal Code Via GitHub Token
Grafana Labs hit by security breach: hackers stole privileged GitHub token, downloaded private code, then demanded ransom. The company disclosed the incident publicly.