World’s First AI-Built Zero-Day Exploit: Hackers Used AI to Create a 2FA Bypass — And Nearly Pulled It Off
Google's GTIG confirmed the first zero-day exploit built by AI — a 2FA bypass targeting a popular open-source admin tool,…
🛡️
Cybersecurity
CVEs, exploits, pentesting & threat intel
73 posts
// cybersecurity
updated daily
🛡️ Featured
Linux ‘Copy Fail’ (CVE-2026-31431): A 732-Byte Script That Roots Any Linux Server — Patch Now
Russia’s FSB Turned Its Kazuar Backdoor Into a P2P Botnet — And Microsoft Just Exposed the Whole Thing
Microsoft reveals how Russia's Turla group (FSB Center 16) evolved its Kazuar backdoor into a modular P2P botnet with Kernel,…
FunnelKit WordPress Bug Lets Hackers Skim 40,000+ WooCommerce Checkouts — Here’s How They Do It
A critical FunnelKit Funnel Builder vulnerability is being actively exploited to inject credit card skimmers into 40,000+ WooCommerce checkout pages.…
CloudZ RAT Exploits Microsoft Phone Link to Steal Your OTPs — Without Ever Touching Your Phone
CloudZ RAT with its Pheno plugin exploits Microsoft Phone Link to steal SMS OTPs from Windows PCs without touching your…
Mini Shai-Hulud npm Worm Hit 170+ Packages Including Mistral AI — And It Wipes Your Drive If You Revoke the Token
TeamPCP's Mini Shai-Hulud worm compromised 170+ npm and PyPI packages including TanStack, Mistral AI, and UiPath in just 6 minutes…
QR Code Phishing Surges 146%: Microsoft Detects 8.3 Billion Email Threats in Q1 2026
Microsoft detected 8.3 billion phishing threats in Q1 2026. QR code phishing surged 146% as attackers use images to bypass…
NGINX Rift CVE-2026-42945: The 18-Year-Old Vulnerability Now Actively Exploiting Servers
NGINX Rift (CVE-2026-42945) is a critical 9.2 CVSS heap buffer overflow enabling unauthenticated RCE on NGINX servers. Present since 2008,…
Canvas LMS Hack: ShinyHunters Breached 275 Million Students — And Instructure Paid the Ransom
ShinyHunters breached Instructure's Canvas LMS affecting 8,800+ institutions and 275 million people. Instructure paid the ransom — a decision cybersecurity…
CVE-2026-42897: Microsoft Exchange Zero-Day Is Being Exploited Right Now — Patch Immediately
Microsoft confirmed CVE-2026-42897, an actively exploited Exchange Server zero-day that lets attackers execute JavaScript by sending a crafted email. All…