latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
Bleeping Computer

Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook

A forum thread titled “Hacking for Profit. Working method” offers a rare glance into how underground communities pass information about vulnerability exploitation and hacking techniques in a form of ...
techtimes

Anthropic AI Vulnerability Scanner in Enterprise Beta: IBM Joins Glasswing After 10,000 Flaws Found

Anthropic opened Claude Security to public beta for all Claude Enterprise customers on April 30, giving engineering teams an AI-powered codebase scanner that identifies vulnerabilities without ...
NPR

ICE is spending millions of dollars on iris scanners, expanding its arsenal of tech tools

The Department of Homeland Security is expanding its capacity to scan irises as part of its mass deportation efforts, a move that has raised concerns among privacy experts that the agency, flush with ...
Ars Technica

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
The Hacker News

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch ...
TechCrunch

Adobe fixes PDF zero-day security bug that hackers have exploited for months

Adobe has patched a vulnerability in its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months. The vulnerability, ...
VentureBeat

Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook

A 27-year-old bug sat inside OpenBSD’s TCP stack while auditors reviewed the code, fuzzers ran against it, and the operating system earned its reputation as one of the most security-hardened platforms ...
InfoQ

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
CSOonline

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave

Socket and Wiz confirm widespread credential theft and worm‑like propagation, with cached malicious Trivy artifacts still circulating across mirror infrastructure despite takedowns. What started as a ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have been compromised in a sophisticated CI/CD-focused supply chain attack. Threat actors ...
SecurityWeek

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Hackers published a malicious scanner release and replaced tags to point to information-stealer malware. A threat actor compromised Aqua Security’s Trivy open source vulnerability scanner in a supply ...