Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and ...
CSO Online

Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes

The decade-old ActiveMQ flaw was uncovered and weaponized in minutes, showing AI’s exploit-building potential amid the Mythos ...

Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook

Claude Mythos autonomously found zero-days in OpenBSD, FFmpeg, FreeBSD and major browsers that survived decades of expert ...

New VENOM phishing attacks steal senior executives' Microsoft logins

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials ...
GitHub

ESP8266/ESP32 UMTX2 Jailbreak Host for PlayStation 5 (FW 1.00–5.50)

Lightweight web server for ESP8266/ESP32 boards that hosts the PlayStation 5 UMTX2 Jailbreak for firmware versions 1.00–5.50, with minor modifications to enable caching, data compression and access to ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
MUO on MSN

Yes, you can get malware just by visiting a website

It's not even your browser's fault.

Hackers exploit React2Shell in automated credential theft campaign

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...