The Hacker News

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand ...

From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending ...
Security Boulevard

Top CVEs & Vulnerabilities of September 2025

CVEs & Vulnerabilities of September 2025 reveal a wave of high-impact flaws that security teams cannot afford to ignore. From unauthenticated exploits in FreePBX to privilege escalation in Android and ...
Security Boulevard

Risk of Prompt Injection in LLM-Integrated Apps

Large Language Models (LLMs) are at the core of today’s AI revolution, powering advanced tools and other intelligent chatbots. These sophisticated neural networks are trained on vast amounts of text ...

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

Today’s installment hits OpenAI’s Deep Research agent. Researchers recently devised an attack that plucked confidential information out of a user’s Gmail inbox and sent it to an attacker-controlled ...
GitHub

Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL ...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...