🧪 ResearchBleepingComputer·12h ago
Acer working to patch max severity zero-days in Wave 7 routersAcer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [...]
Latest
Chinese hackers use new Atlas RAT malware in European cyberattacksBleepingComputer · 2h agoHow to Recover Data from iCloud Backup Without Resetting Your iPhoneHackRead · 2h agoThe U.S. sanctions Nobitex crypto exchange used by ransomwareBleepingComputer · 3h agoCISA warns of cyberattacks targeting fuel tank monitoring systemsBleepingComputer · 3h agoWhatsApp, Slack Notifications Could Hijack Google Gemini on AndroidThe Hacker News · 4h agoNew 'HTTP/2 Bomb' DoS attack crashes web servers in under a minuteBleepingComputer · 4h agoUltrahuman says hackers accessed customers’ wellness data via internal toolTechCrunch Security · 6h agoGoogle DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RATThe Hacker News · 7h agoA Day in the Life of an MDR Analyst: Inside the Modern SOCRapid7 · 7h agoInstagram is alerting users who were targeted by hackers during AI chatbot attacksTechCrunch Security · 7h agoCISA warns of active attacks exploiting Android, Linux bugsBleepingComputer · 8h agoMicrosoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug FlagThe Hacker News · 9h agoThe worst hacks and breaches of 2026 (so far)TechCrunch Security · 10h agoWhat 345 Days of Untested Exposure Looks Like at a BankBleepingComputer · 10h agoAutonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)The Hacker News · 10h agoChinese hackers use new Atlas RAT malware in European cyberattacksBleepingComputer · 2h agoHow to Recover Data from iCloud Backup Without Resetting Your iPhoneHackRead · 2h agoThe U.S. sanctions Nobitex crypto exchange used by ransomwareBleepingComputer · 3h agoCISA warns of cyberattacks targeting fuel tank monitoring systemsBleepingComputer · 3h agoWhatsApp, Slack Notifications Could Hijack Google Gemini on AndroidThe Hacker News · 4h agoNew 'HTTP/2 Bomb' DoS attack crashes web servers in under a minuteBleepingComputer · 4h agoUltrahuman says hackers accessed customers’ wellness data via internal toolTechCrunch Security · 6h agoGoogle DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RATThe Hacker News · 7h agoA Day in the Life of an MDR Analyst: Inside the Modern SOCRapid7 · 7h agoInstagram is alerting users who were targeted by hackers during AI chatbot attacksTechCrunch Security · 7h agoCISA warns of active attacks exploiting Android, Linux bugsBleepingComputer · 8h agoMicrosoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug FlagThe Hacker News · 9h agoThe worst hacks and breaches of 2026 (so far)TechCrunch Security · 10h agoWhat 345 Days of Untested Exposure Looks Like at a BankBleepingComputer · 10h agoAutonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)The Hacker News · 10h ago
⚡
Security & IT News
LiveReal-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.
All⚠ Vulnerability726🩹 Patch165🚀 Release17🔴 Breach428🔬 Analysis58🧪 Research62🦠 Malware237📰 General101
62 results in Research
🧪 ResearchThe Hacker News·12h ago
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD MooreAssume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit
🧪 ResearchBleepingComputer·1d ago
Google fixes one actively exploited Android zero-day, 124 flawsGoogle has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]
🧪 ResearchSchneier on Security·1d ago
Microsoft Threatening Security ResearcherAn anonymous security researcher called “Nightmare Eclipse” has been publishing a series of significant security exploits against Microsoft Windows—including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and forth.
🧪 ResearchInfosecurity Magazine·1d ago
Infosecurity Europe: Business Leaders Lack Understanding of Threat Intelligence, Study WarnsA new Silobreaker and SANS Institute paper examines the ‘Intelligence-Stakeholder Gap’ and what organizations must do to achieve business buy-in on threat intelligence
🧪 ResearchInfosecurity Magazine·2d ago
Infosecurity Europe: OWASP Forms New Agentic Research CouncilOWASP’s new Agentic Research Council will aim to connect academic work to operational realities on agentic AI security
🧪 ResearchThe Hacker News·6d ago
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account RemovalMicrosoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day
🧪 ResearchInfosecurity Magazine·6d ago
Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study RevealsISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incident
🧪 ResearchBleepingComputer·8d ago
KnowledgeDeliver flaw exploited as a zero-day to install web shellsHackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. [...]
🧪 ResearchBleepingComputer·12d ago
Trend Micro warns of Apex One zero-day exploited in the wildJapanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]
🧪 ResearchHackRead·13d ago
Deleted Google API Keys Remain Active up to 23 Minutes, Study FindsDeleted Google API Keys remain active for up to 23 minutes after deletion, exposing GCP, Gemini, BigQuery, and Maps data to attackers.
🧪 ResearchThe Hacker News·13d ago
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New StoriesThis week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. The danger is in normal things now - updates, apps, cloud buttons, support chats, trusted accounts. AI
🧪 ResearchBleepingComputer·13d ago
Microsoft warns of new Defender zero-days exploited in attacksOn Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]
🧪 ResearchInfosecurity Magazine·14d ago
Researchers Warn CypherLoc Scareware Has Targeted Millions of UsersBarracuda reveals new CypherLoc scareware has featured in nearly three million attacks
🧪 ResearchBleepingComputer·14d ago
Microsoft shares mitigation for YellowKey Windows zero-dayMicrosoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. [...]
🧪 ResearchHackRead·15d ago
Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day PayoutsCybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms.
🧪 ResearchSchneier on Security·16d ago
Zero-Day Exploit Against Windows BitLockerIt’s nasty , but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments. Slashdot thread . And here’s Nightmare-Eclipse’s GitHub account.
🧪 ResearchInfosecurity Magazine·16d ago
Security Researchers Find 47 Zero-Days at Pwn2Own BerlinThe research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own Berlin
🧪 ResearchThe Hacker News·16d ago
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched SystemsChaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts "cldflt.sys," which refers to the Windows Cloud Files Mini Filter Driver,
🧪 ResearchBleepingComputer·17d ago
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC releasedA cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems. [...]