Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
SecurityWeek

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

Threat actors have been exploiting the BlueHammer Microsoft Defender vulnerability as a zero-day to gain System privileges.
Dark Reading

Exploits Turn Windows Defender Into Attacker Tool

Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are ...
PCMagOpinion

Testing the Flipper Zero: From Unboxing to Hacking Just About Anything in Under 60 Minutes

It may look like a cute little dolphin-themed toy, but the Flipper Zero is a surprisingly powerful learning tool for hacking.
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
The Hacker News

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...
Dark Reading

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on ...
Futurism

Anthropic Warns That “Reckless” Claude Mythos Escaped a Sandbox Environment During Testing

Add Futurism (opens in a new tab) More information Adding us as a Preferred Source in Google by using this link indicates that you would like to see more of our content in Google News results. In a ...
Forbes

Angry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users Warned

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
TechRepublic

‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A disgruntled security researcher has made good on a threat. A security researcher going by the aliases Chaotic Eclipse and Nightmare-Eclipse published exploit code for a Windows privilege escalation ...
CSOonline

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, ...
PC World

Security expert publishes Windows exploit after Microsoft went silent

PCWorld reports on the ‘BlueHammer’ zero-day vulnerability that allows attackers to potentially take over Windows computers through privilege escalation. A frustrated security researcher published the ...