The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...
HotHardware

Millions At Risk As Attackers Exploit This Alarming WinRAR Security Flaw

Remember the WinRAR path handling exploit we reported on back in August? According to Google, that same flaw, officially dubbed CVE-2025-8088, is still being actively exploited, even though versions ...
CSOonline

Trivial Telnet authentication bypass exposes devices to complete takeover

The 11-year-old vulnerability likely impacts many devices that are no longer supported — and presents easy exploit even for those that are. Computers with Telnet open are in immediate danger of being ...
Ars Technica

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white ...
Dexerto

Arc Raiders pushes emergency patch after PC players exploit hidden dev console

Embark Studios has released an emergency hotfix for ARC Raiders after PC players were found exploiting hidden developer console commands to gain a major competitive advantage in live matches. The ...
Dexerto

Arc Raiders exploit lets you see in the dark & it’s “basically cheating”

Many Arc Raiders players on PC have discovered ways to adjust their settings to gain a huge advantage by being able to see in the dark and through smoke. By using console commands and other graphics ...
HHS

Exploit Attempts Surge for React2Shell

Hacker interest is high in a days-old vulnerability in widely used web application framework React, with dozens of organizations already falling victim to it, cybersecurity experts warn. See Also: ...
IEEE

AI-Driven Penetration Testing: Automating Exploits with LLMs and Metasploit-A VSFTPD Case Study

Abstract: Penetration testing, a critical cybersecurity practice, is often bottlenecked by manual exploit selection and payload crafting. We propose a novel framework integrating Large Language Models ...
CoinDesk

Balancer Hit by Apparent Exploit as $110M in Crypto Moves to New Wallets

Balancer, a decentralized finance (DeFi) protocol with over $750 million in value locked, appears to have been hit by its biggest exploit yet, with on-chain data showing upward of $110 million in ...
TechCrunch

Apple alerts exploit developer that his iPhone was targeted with government spyware

Earlier this year, a developer was shocked by a message that appeared on his personal phone: “Apple detected a targeted mercenary spyware attack against your iPhone.” “I was panicking,” Jay Gibson, ...
Hacker

Hackers Are Bad at OPSEC — Here’s How They’re Getting Hunted Down

This story contains AI-generated text. The author has used AI either for research, to generate outlines, or write the text itself. During cyberattacks, adversaries often rely on Command-and-Control ...