Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
TechCrunch

Meet Wander, a StumbleUpon-inspired tool for discovering the ‘small web’

As search becomes increasingly dominated by AI summaries and commercial content, people are experimenting and coming up with ways to make the web feel more human like it used to, building everything ...
The Hacker News

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...
The Next Web

A manual pentest costs 50,000 dollars. Intruder built an AI that does it in minutes.

Intruder, a GCHQ-accelerated UK cybersecurity startup, launched AI pentesting agents that replicate manual pen testing methodology in minutes. The broader market is racing to automate vulnerability ...
Decrypt

Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

Child sex crimes are on the rise with new AI tools. Here's what to look out for.

A Portland detective warns AI and social media are making it easier for predators to exploit children online while ...
InfoWorld

Google folds CodeMender into agent ecosystem amid push for AI-led AppSec

Expansion beyond autonomous patching reflects growing emphasis on orchestration, governance, and enterprise trust.
Graham CluleyOpinion

Smashing Security podcast #469: What your Oura ring won’t tell you

CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a ...
Redmondmag.com

Microsoft Open Sources AI Safety Tools for Agent Development

Microsoft released RAMPART and Clarity as open-source projects intended to help developers test AI agents earlier in the software lifecycle and turn red-team findings into repeatable engineering ...