The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
SecurityWeek

Majority of Internet-Accessible REDCap Servers Outdated

These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment. The majority of internet-accessible REDCap servers are running outdated software versions, ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
The Hacker News

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

CISA added CVE-2026-54420 to KEV, requiring federal agencies to patch LiteSpeed cPanel root escalation by June 18, 2026.
The Verge

Microsoft is threatening legal action for disclosing exploits

The company is feuding with a security researcher publicly posting vulnerabilities. The company is feuding with a security researcher publicly posting vulnerabilities. is the Verge’s weekend editor.
IGN

Forza Horizon 6 Players Are Using Exploits to Farm Easy Credits and Unlock Every Car

Forza Horizon 6 players are exploiting certain parts of the game so that they can quickly and easily unlock every vehicle in the game. As spotted by GamesRadar, YouTuber XMBWesley posted a guide on ...
Ars Technica

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
Forbes

Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Microsoft confirms Exchange zero-day, CISA warns it's under active exploitation. Updated May ...
CoinTelegraph

THORChain pauses trading after suspected $10M exploit

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after ...
The Next Web

Google found the first AI-generated zero-day exploit. It stopped the attack before it started.

Google identified the first zero-day exploit it believes was developed with AI and thwarted a planned mass exploitation event. The GTIG report documents state-sponsored actors from China, North Korea, ...
TechRepublic

Google Says Hackers Used AI to Build Zero-Day Exploit

Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking. Google says hackers used AI to help build a zero-day exploit, then stopped it ...
The Verge

Google stopped a zero-day hack that it says was developed with AI

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...