Security

Chinese State Hackers Turned Notepad++'s Own Update System Against Users for Six Months

The popular text editor Notepad++ has confirmed what security researchers feared: Chinese state-sponsored hackers successfully hijacked its update me…

Mass VPS Provider Ransomware Attack Linked to Stolen Credentials from Virtualizor Support Breach

UPDATE (February 3, 2026): Virtualizor has released an official statement clarifying the attack vector. The company confirms there is no …

AI Hacks AI: Security Tool Finds One-Click RCE in OpenClaw Assistant

In a watershed moment for AI security, an autonomous hacking agent has successfully exploited another AI system, exposing a critical vulnerability in…

Windows 11's New Security Feature Had 9 Vulnerabilities: Researcher Details the Flaws

Microsoft's flagship security upgrade for Windows 11 had a close call: a researcher found nine different ways to bypass it during testing. Google…

Critical Unauthenticated RCE Flaw Exposes SolarWinds Web Help Desk to Instant Takeover

Security researchers at Horizon3.ai have uncovered a chain of critical vulnerabilities in SolarWinds Web Help Desk (WHD) that allows unauthenticated …

WinRAR Flaw Becomes Hacker Gold Mine: State Spies and Cybercriminals Still Exploiting Six-Month-Old Bug

Six months after a critical WinRAR vulnerability was patched, hackers from Russia, China, and cybercrime groups continue to exploit it—turning a fixe…

OpenSSL Patches Critical S/MIME Flaw That Could Let Attackers Hijack Encrypted Email

A vulnerability in OpenSSL's email encryption system could allow attackers to crash servers or execute malicious code without authentication cred…

Chinese Hackers Quietly Upgraded Their Favorite Backdoor — Now It's Stealing Browser Passwords Too

A Chinese state-sponsored hacking group has quietly supercharged one of its most reliable cyberespionage tools, transforming it from a simple backdoo…

Hackers Are Actively Exploiting Critical Microsoft Office Flaw—Patch Now or Risk Takeover

Microsoft has scrambled to release an out-of-band security patch for a high-severity zero-day vulnerability in Office that attackers are actively wea…

Chinese Hackers Breached UK Government Phones for Years—Here's What Went Down

A years-long espionage campaign by Chinese state-sponsored hackers penetrated the mobile phones of senior UK government officials, exposing private c…

React Faces Third Wave of Vulnerabilities as Researchers Uncover DoS Flaws in Patched Code

React developers are facing yet another emergency patching cycle after security researchers discovered additional denial-of-service vulnerabilities w…

Your Netflix-Insta Password Was Probably Stolen — Along With 149 Million Others

A staggering 96GB database containing 149 million unique login credentials sat exposed on the internet for weeks, accessible to anyone with a web bro…

Cloudflare's Certificate Path Let Attackers Sidestep Web Application Firewalls for Months

A seemingly innocuous certificate validation path became a hidden gateway past Cloudflare's Web Application Firewall (WAF), security researchers …

AMD CPUs Expose Critical Flaw: StackWarp Attack Breaks Security on Cloud Servers

A newly disclosed hardware vulnerability in AMD processors threatens the foundation of confidential computing, allowing attackers to hijack secure vi…

Two Missing Characters Nearly Compromised Every AWS Account Worldwide

Security researchers at Wiz have exposed a hair-raising vulnerability that could have given attackers complete control over the AWS JavaScript SDK—th…

Node.js Patches Critical Flaws That Could Expose Secrets from Uninitialized Memory

Node.js developers need to patch immediately. The project released emergency updates across all active versions (20.x through 25.x) on Tuesday, addre…

Hackers Could Hijack ServiceNow AI Agents Using Just an Email Address

An attacker halfway across the world with nothing but your email address could hijack your company's AI agents, create backdoor admin accounts, a…

Shopify Chargeback App Exposed 200,000+ Merchant Records After Rejecting Bug Bounty

A critical vulnerability in Disputifier, a popular Shopify chargeback management platform used by over 3,000 merchants, exposed sensitive business da…

17.5M Instagram Users Hit by API Scraping Attack—Reset Emails Flood Inboxes

Your Instagram password reset email might not be a phishing scam—it could be the first sign that your contact details are already in the hands of cyb…

How 100,000 Automation Servers Became a Master Key to Enterprise Data

A critical security flaw in n8n—the workflow automation darling of the AI era—has exposed an estimated 100,000 servers to complete takeover, turning …