From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
The Hacker News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...

Attack of the killer script kiddies

For decades, this type of no-skill hacker, known as a script kiddie, has wreaked havoc, running scripts they ripped from the ...
Forbes

Angry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users Warned

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
PC World

Security expert publishes Windows exploit after Microsoft went silent

PCWorld reports on the ‘BlueHammer’ zero-day vulnerability that allows attackers to potentially take over Windows computers through privilege escalation. A frustrated security researcher published the ...
New York Post

Google issues 2nd security warning in days over Chrome browser attacks

It’s a case of search-engine failure. Google has issued a security alert to Chrome users after confirming that cybercriminals had exploited a vulnerable system, marking the second such advisory in ...
CoinTelegraph

Drift sends onchain message to wallets tied to $280M exploit

Drift Protocol initiated onchain contact with wallets tied to the $280 million exploit as an unknown sender also attempts to pressure the attacker. Drift Protocol, a Solana-based decentralized ...
Crowdfund Insider

DeFi Hack : Solana based Drift Protocol Hit by Record $285M Exploit

Solana-based perpetual futures exchange Drift Protocol fell victim to a large-scale security breach on April 1, 2026. On-chain monitoring firms reported that attackers siphoned roughly $285 million in ...
CoinDesk

North Koreans hackers likely behind $286 million Drift Protocol exploit: Elliptic

Elliptic said Thursday the $285 million Drift Protocol exploit, the largest this year, carries “multiple indicators” of North Korea’s state-sponsored DPRK hacker group involvement. The research firm ...
MacRumors

Apple Issues Rare iOS 18 Security Update to Protect Against DarkSword Exploit

Apple today released a new build of iOS 18.7.7 and iPadOS 18.7.7, presumably with a fix for the DarkSword exploit. Apple told Wired that it would release an iOS 18 update for more devices, allowing ...
9to5Mac

Apple confirms iOS 18 update to patch DarkSword exploit for users who haven’t upgraded to iOS 26

According to Wired, Apple will release an iOS 18 update on Wednesday morning to patch vulnerabilities exploited by the DarkSword hack. Here’s what that means. Over the last few weeks, we’ve seen Apple ...
CSOonline

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch deadline. Attackers have exploited a critical Langflow RCE within hours of ...