The Hacker News

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Malicious npm package downloaded 676 times stole Claude AI files via GitHub uploads, increasing AI-driven malware risks.
The Hacker News

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

CVE-2026-48172 lets cPanel users run scripts as root, affecting LiteSpeed plugin 2.3–2.4.4 and exposing servers.
ESPN

Knicks flip script, exploit James Harden to spark Game 1 rally

NEW YORK -- It wasn't quite a matter of pettiness, but the Knicks found their idea for an improbable comeback thanks to the Cavaliers trying to exploit Jalen Brunson on defense. Trailing by 22 points ...
CoinTelegraph

THORChain pauses trading after suspected $10M exploit

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after ...
Ars Technica

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.
TechRepublic

Google Says Hackers Used AI to Build Zero-Day Exploit

Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking. Google says hackers used AI to help build a zero-day exploit, then stopped it ...
Hosted on MSN

Roblox Studio Is Rewriting Modular Building Workflows with AI Planning and Procedural Models

If you've ever spent hours manually assembling modular models or reorganizing a cluttered workspace in Roblox Studio, the platform's May 2026 agentic AI update is a game-changer. With new features ...
CSOonline

‘Trivial’ exploit can give attackers root access to Linux kernel

Experts say until the distros release patches, CSOs have to beware of unauthorized privilege escalation; Kubernetes container escape is also a risk. CSOs must ensure their Linux-based systems block ...
IGN

Spider-Man: Brand New Day Script Pages Published by Marvel

In an unprecedented move, Marvel has published the first three pages of its Spider-Man: Brand New Day script, revealing exactly how the movie begins. The film's opening minutes incorporate much of the ...
CoinDesk

Drift says $270 million exploit was a six-month North Korean intelligence operation

A six-month intelligence operation preceded the $270 million exploit of Drift Protocol and was carried out by a North Korean state-affiliated group, according to a detailed incident update published ...
Mashable

iPhone exploit DarkSword has been released in the wild: How to protect yourself

iPhone users should be on alert: DarkSword spyware has been posted in the wild. Credit: Cheng Xin/Getty Images DarkSword, the web-based hacker tool that can be used to steal data from millions of ...
Android Authority

New Qualcomm exploit chain brings bootloader unlocking freedom to Android flagships (Updated: Statement)

A vulnerability in Qualcomm’s Android Bootloader implementation allows unsigned code to run via the “efisp” partition on Android 16 devices. This is paired with a “fastboot” command oversight to ...