  • Pwn2Own Berlin Reveals Exchange and Windows 11 Zero-Days

    Pwn2Own Berlin continued exposing major enterprise security flaws after researchers successfully demonstrated new zero-day attacks targeting Microsoft Exchange, Windows 11, and Red Hat Enterprise Linux. The second day of the hacking competition produced multiple successful exploit chains against fully patched systems. Security researchers earned hundreds of thousands of dollars after compromising enterprise technologies widely used…

  • Node-IPC Compromise Exposes npm Developers to Credential Theft

    The node-ipc compromise has triggered fresh concerns about software supply chain attacks inside the open-source ecosystem. Security researchers discovered that attackers injected credential-stealing malware into malicious versions of the widely used npm package, potentially exposing developers, cloud environments, and CI/CD systems. Because node-ipc is used across thousands of JavaScript projects, the incident created widespread concern…

  • Avada Builder Vulnerabilities Expose WordPress Sites

    Serious Avada Builder vulnerabilities have placed up to one million WordPress websites at risk of credential theft and database attacks. Security researchers recently disclosed two flaws affecting the widely used plugin, warning that attackers could exploit them to access sensitive server data and extract password information. The vulnerabilities affect Avada Builder installations running older versions…

  • Microsoft Edge Passwords Will Get Safer After Update

    Microsoft Edge passwords will soon receive stronger protection after Microsoft confirmed a major change to how the browser handles saved login details. The company plans to stop Edge from loading stored passwords into process memory in clear text when the browser starts. The decision follows criticism from security researchers, who warned that the previous behavior…

  • TanStack supply chain attack leads to confirmed OpenAI breach

    OpenAI has confirmed that the recent TanStack supply chain attack compromised two employee devices after attackers distributed malicious packages through trusted open-source software ecosystems. The company stated that the breach resulted in limited access to internal repositories connected to the affected employee accounts. However, OpenAI said investigators found no evidence that customer data, production systems,…

  • Burst Statistics flaw exploited in WordPress admin attacks

    A critical Burst Statistics flaw is now under active exploitation, putting thousands of WordPress websites at risk of administrator account takeover. The vulnerability affects Burst Statistics, a privacy-focused analytics plugin used on more than 200,000 WordPress sites. Attackers can exploit the bug to impersonate known administrator users during REST API requests. The issue is tracked…

  • West Pharmaceutical ransomware attack disrupts global manufacturing operations

    The West Pharmaceutical ransomware attack disrupted manufacturing and enterprise operations after attackers breached company systems, stole data, and deployed ransomware across parts of the organization’s infrastructure. West Pharmaceutical Services confirmed that it detected suspicious activity on May 4 before investigators later determined the incident involved unauthorized access to internal systems. The company stated that attackers…

  • Starlink users tracked through metadata analysis raise privacy concerns

    Reports claiming that the tracking of Starlink users through metadata analysis may have assisted Israeli intelligence operations have raised new concerns about satellite internet privacy and digital surveillance. According to recent investigations, intelligence analysts allegedly relied on metadata tied to Starlink internet activity to identify and monitor users operating in conflict zones. Researchers said the tracking reportedly depended…

  • Linux kernel patch creates new privilege escalation concerns

    A recent Linux kernel patch designed to fix a dangerous privilege escalation flaw has reportedly introduced conditions that enabled another critical vulnerability. Security researchers warned that the new exploit, known as Fragnesia, appeared shortly after developers patched the previously disclosed Dirty Frag vulnerability. Researchers said the issue affects Linux kernel versions dating back several years…

  • British Airways crew data breach claims spark airline security concerns

    The alleged British Airways crew data breach has raised fresh concerns across the aviation sector after hackers claimed they gained access to internal employee systems connected to pilots and cabin crew operations. According to recent reports, a threat group known as Infrastructure Destruction Squad alleged it breached internal British Airways systems and accessed crew-related information,…