Dark Reading

Microsoft Rushes Emergency Patch for Office Zero-Day

To exploit the vulnerability, an attacker would need either system access or be able to convince a user to open a malicious ...
Windows Report

Microsoft Confirms Active Office Zero-Day Exploit, Deploys Emergency Fix

Microsoft releases an urgent out-of-band update for a critical Office zero-day flaw already exploited in real-world attacks.

Keeping Your Posts Private On Instagram? Alert! Hackers Can Access Them With This Trick

A serious vulnerability in Instagram allowed attackers to access private photos and captions without authentication.
PCMag

From Grubhub to Google, Hackers Ate Well This Week

You probably didn't order that pizza with a side of "free data breach," but that's exactly what you're getting in our latest ...

Ancient telnet bug happily hands out root to attackers

The security advisory explains that the bug allows attackers to easily gain root access to a target system. "The telnetd ...
Dark Reading

Microsoft & Anthropic MCP Servers at Risk of RCE, Cloud Takeovers

Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry ...

Novee Emerges From Stealth With $51.5M to Counter AI Cyberattacks With a Proprietary AI Hacker

Founded by elite offensive security and AI research leaders * AI pentesting platform thinks like a real attacker, uncovers novel vulnerabilities, ...

AI’s Hacking Skills Are Approaching an ‘Inflection Point’

AI models are getting so good at finding vulnerabilities that some experts say the tech industry might need to rethink how ...
The Hacker News

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Active malware exploits DLL side-loading in a signed GitKraken binary to deliver trojans, stealers, and remote access malware.
CoinTelegraph

Trust Wallet will cover $7M lost in Christmas Day hack, CZ says

The malicious Trust Wallet extension has also been exporting users’ personal information, pointing to potential insider activity, according to cybersecurity company SlowMist. Trust Wallet users lost ...
InfoWorld

All I want for Christmas is a server-side JavaScript framework

Could 2026 be the year of the beautiful back end? We explore the range of options for server-side JavaScript development, from Express to Next and all the rest. A grumpy Scrooge of a developer might ...