KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
The Hacker News

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.
PCMag

Kash Patel's Apparel Site Is Trying To Trick Visitors Into Installing Malware

The FBI director's Based Apparel site has been spotted hosting a 'ClickFix' attack, which involves duping users into running a seemingly benign, but malicious command.

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
Dark Reading

LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly

In the latest evolution of automated cyberattacks, 2 threat campaigns heavily leveraged AI agents to support attacks against ...
CSO Online

ClickFix finds a backup plan in PySoxy proxy chains

ReliaQuest observed attackers pairing ClickFix with the PySoxy proxy tool to establish redundant encrypted access paths and ...
KTLA

McDonald’s customers are using this hack to recreate In-N-Out’s Animal Style burger

Fast food fans may have found a way to satisfy their In-N-Out cravings without stepping foot inside the beloved California burger chain. According to a recent article from Food Republic, McDonald’s ...
Inc

Inside OpenAI, This Productivity Hack Is Giving Workers Their Own Chief of Staff. You Can Use It Too

Inside OpenAI, the company behind ChatGPT, employees both technical and non-technical are using Codex, the company’s agentic coding app, to handle an increasing amount of work. Codex is OpenAI’s label ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
CNBC

There's an 'art' to writing AI prompts for personal finance, MIT professor says

Many people are turning to artificial intelligence for personal finance advice. Writing a good AI prompt can mean the difference between receiving a reasonable or poor output, experts said. While AI ...
TWCN Tech News

How to skip consent prompt for RDP connections in Windows Server

In this post, we will show you how to skip the consent prompt for RDP connections in Windows Server. Microsoft has released a security update for the Remote Desktop Connection that will show a new ...
VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...