The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
Microsoft

Beyond the benchmark: Advancing security at AI speed

Read how Microsoft Security has advanced its agentic vulnerability detection system, codename MDASH, integrating into ...
The Hacker News

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

Adversarial Exposure Validation helps security teams confirm exploitable risks and prioritize remediation beyond raw ...
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
Bleeping Computer

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

A forum thread titled “Hacking for Profit. Working method” offers a rare glance into how underground communities pass information about vulnerability exploitation and hacking techniques in a form of ...
techtimes

Anthropic AI Vulnerability Scanner in Enterprise Beta: IBM Joins Glasswing After 10,000 Flaws Found

Anthropic opened Claude Security to public beta for all Claude Enterprise customers on April 30, giving engineering teams an AI-powered codebase scanner that identifies vulnerabilities without ...
NPR

ICE is spending millions of dollars on iris scanners, expanding its arsenal of tech tools

The Department of Homeland Security is expanding its capacity to scan irises as part of its mass deportation efforts, a move that has raised concerns among privacy experts that the agency, flush with ...
Ars Technica

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
TechCrunch

Adobe fixes PDF zero-day security bug that hackers have exploited for months

Adobe has patched a vulnerability in its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months. The vulnerability, ...
VentureBeat

Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook

A 27-year-old bug sat inside OpenBSD’s TCP stack while auditors reviewed the code, fuzzers ran against it, and the operating system earned its reputation as one of the most security-hardened platforms ...
InfoQ

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...