The Register on MSN

OWASP Top 10: Broken access control still tops app security list

Risk list highlights misconfigs, supply chain failures, and singles out prompt injection in AI apps The Open Worldwide ...
Bleeping Computer

Oracle silently fixes zero-day exploit leaked by ShinyHunters

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters ...

Claude code will send your data to crims ... if they ask it nicely

"The exploit hijacks Claude and follows the adversaries instructions to grab private data, write it to the sandbox, and then calls the Anthropic File API to upload the file to the attacker's account ...
WinBuzzer

Anthropic Claude Flaw Lets Attackers Steal Data Using AI’s Own API

A critical vulnerability in Anthropic's Claude AI allows attackers to exfiltrate user data via a chained exploit that abuses ...
CoinTelegraph

MEV bot exploit heads to US court, testing crypto’s legal gray zones

Opening arguments in the criminal trial for two brothers allegedly responsible for using maximal extractable value (MEV) bots to perpetuate a multimillion-dollar exploit began on Wednesday. Anton and ...
Linux Journal

The Most Critical Linux Kernel Breaches of 2025 So Far

The overall volume of kernel CVEs continues to climb: one security commentary noted the first 16 days of 2025 already saw 134 ...

Don’t Buy Scotch Whisky Casks As An Investment. Here’s Why

A stream of misinformation and a lack of transparent data means the general public should stay away from this high-risk and ...
Bleeping Computer

Hackers exploit Cisco SNMP flaw to deploy rootkit on switches

Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems. The security issue ...
Australian Broadcasting Corporation

Russia's interest in Antarctic oil exposed after Ukrainian scientist's arrest

A Russian document says proposed Marine Protected Areas (MPAs) would "lead to the loss of the opportunity to develop hydrocarbon resources by Russia on the continental shelf of Antarctica". The ...
PCGamesN

Battlefield 6 dev promises to fix its most ridiculous movement exploit

I've never seen a game launch without a single bug. However, some launches are plagued with more of them than others. Battlefield 6 has got off to a relatively good start, considering the size of the ...
ZDNet

This new Android exploit can steal everything on your screen - even 2FA codes

Pixnapping could be used to steal private data, including 2FA codes. Side-channel attack abuses Google Android APIs to steal data on display. Flaw is partially patched, although a more complete fix is ...
TechCrunch

Apple alerts exploit developer that his iPhone was targeted with government spyware

Earlier this year, a developer was shocked by a message that appeared on his personal phone: “Apple detected a targeted mercenary spyware attack against your iPhone.” “I was panicking,” Jay Gibson, ...