Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...

The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of ...
Cybernews

Security researcher hacks PS5 to run Linux and Steam games, releases code publicly

A public Linux loader has been released by security engineer Andy Nguyen, turning PS5 consoles into highly capable Linux PCs ...
OSTechNix

Copy Fail: The 732-Byte Script That Roots Every Major Linux Systems

Copy Fail (CVE-2026-31431) is a severe logic flaw in the Linux kernel affecting every distribution since 2017. Patch your ...
SecurityWeek

Critical GitHub Vulnerability Exposed Millions of Repositories

Wiz discovered a critical remote code execution vulnerability in GitHub that exposed millions of repositories.
WGAL on MSN

'Verify you're human' | How to spot the fake CAPTCHA hack

A new online CAPTCHA scam is quietly stealing personal information by tricking users into installing malware through fake ...
Dark Reading

BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures

The North Korean group is using stolen victim videos, AI-generated avatars, and pseudo-video calls to scale malware attacks ...

32 Claude Code Hacks for Smarter Development : Stop Wasting Tokens

Discover 32 practical Claude Code hacks to optimize your AI development workflow, from basic context management to advanced ...
The Hacker News

âš¡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

This week’s ThreatsDay covers supply chain attacks, fake help desks, wiper malware, AI prompt traps, RMM abuse, phishing kits ...
SecurityWeek

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.

There’s no rogue McDonald’s AI bot, but ‘prompt injection’ is still a risk for companies

There appears to be a recent epidemic of users hijacking companies’ AI-powered customer service bots to turn them into ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...