CSO Online

Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes

The decade-old ActiveMQ flaw was uncovered and weaponized in minutes, showing AI’s exploit-building potential amid the Mythos ...
Infosecurity Magazine

Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings

OS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script ...

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone ...

New WhatsApp malware campaign uses renamed Windows tools to evade detection

Microsoft warns users that multi-stage malware exploits trusted messaging apps to steal information and run hidden system ...
Windows Report

Windows BlueHammer Zero-Day Lets Attackers Gain SYSTEM Access

According to Bleeping Computer, the BlueHammer vulnerability is a Local Privilege Escalation (LPE) flaw that leverages a ...
Dark Reading

Fortinet Issues Emergency Patch for FortiClient Zero-Day

The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have ...
Microsoft

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...
SecurityWeek

Google DeepMind Researchers Map Web Attacks Against AI Agents

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous ...
CSO Online

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and ...
Mashable

iPhone exploit DarkSword has been released in the wild: How to protect yourself

iPhone users should be on alert: DarkSword spyware has been posted in the wild. Credit: Cheng Xin/Getty Images DarkSword, the web-based hacker tool that can be used to steal data from millions of ...
Android Authority

A severe iPhone exploit is now public, and anyone can use it

DarkSword, a serious iPhone exploit kit, just leaked on GitHub. If your device is running iOS 18.4 through 18.7 — or legacy versions 15.8.7 or 16.7.15 — you’re vulnerable. Contacts, messages, call ...
9to5Mac

DarkSword exploit, which affects outdated versions of iOS, leaks on GitHub

The exploit, revealed last week by Google’s Threat Intelligence Group, is now publicly available on GitHub, increasing the urgency for older iPhones and iPads to run the latest available iOS and ...