Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.

Hacker used Anthropic’s Claude AI to steal Mexican government data

A hacker exploited Anthropic PBC’s artificial intelligence chatbot to carry out a series of attacks against Mexican government agencies, resulting in the theft of a huge trove of sensitive tax and ...
Hacker

Pentests and Log4J: How to Exploit a Vulnerable System

Raxis provides organizations with a clear view of their IT security posture as seen by a malicious hacker. Raxis provides organizations with a clear view of their IT security posture as seen by a ...
Forbes

Microsoft Confirms Windows Is Under Attack — Update Now

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
Dark Reading

Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again

A handful of European government agencies have been compromised by hackers in recent weeks, thanks to a new round of critical vulnerabilities in an Ivanti product — and it's another grim reminder of ...
IGN

Arc Raiders Players Stunned After Exploit Hotfix Results in Widespread Reports of a New Inventory Glitch

Arc Raiders players have gathered to applaud Embark Studios after it took just one day to tackle new duplication and infinite ammo exploits – even though reports of a new inventory glitch have already ...
GitHub

The first ever MC:BE ForceOP Exploit utilizing a user impersonation exploit within Bedrock Dedicated Server

This tool uses the sub_client_login (the packet used for split screen) with the realm owners XUID. The server does not validate if the user authenticated to Xbox Live and lets the sub client join.
GitHub

Arius-Scripts/ars_hunting

Get ready for the hunt with Ars Advanced Hunting! Explore the wild, track animals, and enjoy the outdoors. Become the top hunter and conquer the wilderness. Ready to embark on the adventure?
Ars Technica

Microsoft releases urgent Office patch. Russian-state hackers pounce.

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...
Healthcare Dive

Express Scripts reaches ‘landmark’ settlement with FTC in insulin suit

The Federal Trade Commission has agreed to what it called a “landmark” settlement with Express Scripts, allowing the company to bow out of the agency’s lawsuit against major pharmacy benefit managers ...
The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...