Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
ZDNet

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

As AI adoption speeds ahead, major security flaws remain unsolved. Users and businesses should stay up to date on vulnerabilities. These four major issues still plague AI integration. AI systems are ...
GitHub

The first ever MC:BE ForceOP Exploit utilizing a user impersonation exploit within Bedrock Dedicated Server

This tool uses the sub_client_login (the packet used for split screen) with the realm owners XUID. The server does not validate if the user authenticated to Xbox Live and lets the sub client join.
IEEE

Mapping Exploit Code on Paste Sites to the MITRE ATT&CK Framework: A Multi-label Transformer Approach

Abstract: Cyber-criminals often use information-sharing platforms such as paste sites (e.g., Pastebin) to share vast amounts of malicious text content, such as exploit source code. Careful analysis of ...
GitHub

Arius-Scripts/ars_hunting

Get ready for the hunt with Ars Advanced Hunting! Explore the wild, track animals, and enjoy the outdoors. Become the top hunter and conquer the wilderness. Ready to embark on the adventure?
Ars Technica

Microsoft releases urgent Office patch. Russian-state hackers pounce.

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...
The New York Times

F.T.C. Settles With Express Scripts Over High Insulin Prices

The Trump administration announced that the company, a pharmacy benefit manager, had agreed to make significant changes to its practices. By Rebecca Robbins and Reed Abelson The reporters have ...
Healthcare Dive

Express Scripts reaches ‘landmark’ settlement with FTC in insulin suit

The Federal Trade Commission has agreed to what it called a “landmark” settlement with Express Scripts, allowing the company to bow out of the agency’s lawsuit against major pharmacy benefit managers ...
Bleeping Computer

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. On Windows, an ...
The Hacker News

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign ...
Ars Technica

Notepad++ users take note: It’s time to check if you’re hacked

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...