CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

Researchers detail how a prompt injection attack bypassed Apple Intelligence protections

A now corrected issue let researchers circumvent Apple’s restrictions and force the on-device LLM to execute ...
CSO Online

Seven IBM WebSphere Liberty flaws can be chained into full takeover

A pre‑authentication bug in SAML Web SSO, combined with weak access controls and cryptography, allows attackers to escalate privileges and achieve remote code execution.
CoinDesk

The $292 million Kelp exploit: how it happened, and what it means for DeFi

DeFi's "worst year in terms of hacks," Ledger's CTO said, as the Kelp exploit shows how a single point of failure can cascade ...
Crypto Briefing

KelpDAO bridge hack drains $292M in largest DeFi exploit of 2026

KelpDAO's bridge hack drained $292M, marking the largest DeFi exploit of 2026; Ethereum's price dip to $2,300 is now at 100% ...
Morningstar

Azul Shows That Mean Time to Exploit Java Vulnerabilities Drops to Five Days

Azul webinar series examines the hidden security, compliance and productivity costs of free Java runtimes Azul, the trusted leader in enterprise Java for today’s AI and cloud-first world, today ...
CoinDesk

LayerZero blames Kelp's setup for $290 million exploit, attributes it to North Korea's Lazarus

LayerZero said the attackers compromised two RPC nodes the company's verifier relied on and DDoS'd the rest, with the attack ...
BeInCrypto

LayerZero Ties KelpDAO Exploit to Lazarus Subgroup TraderTraitor

LayerZero attributes the $290M KelpDAO exploit to North Korea's TraderTraitor, citing RPC-poisoning as the attack vector.
BeInCrypto

Justin Sun Offers to Negotiate With KelpDAO Hacker After $292 Million Exploit

Justin Sun publicly offered to negotiate with the KelpDAO bridge hacker. The exploit drained 116,500 rsETH and created bad ...

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over ...
PCMag on MSN

I Asked AI to Create Passwords. Here's Why I'll Never Do That Again

They may look complex, but AI-generated passwords often follow predictable patterns that hackers can exploit. I'll show you ...