Solana's DeFi darling, Drift Protocol, just got gutted for $280 million. Hackers didn't touch code; they owned the multisig council instead.
What if the apps you downloaded from Google Play just handed root access to hackers? NoVoice malware did exactly that to 2.3 million Android users — and Google let it slide for months.
What if your Cisco server's out-of-band manager was wide open to any hacker with a crafted request? CVE-2026-20093 turns password changes into admin backdoors—no login required.
Chinese hackers from TA416 are back, hitting European governments with web bugs and PlugX malware after a two-year lull. Proofpoint warns of rapid evolution in tactics targeting diplomats.
Folks figured VM NAT was bulletproof userspace sleight-of-hand. Wrong. This revived 2017 exploit blueprint shows guests corrupting heaps to hijack the host process.
Imagine hijacking macOS's audio core like a sonic boom ripping through defenses. This researcher did just that with CVE-2024-54529, turning a type confusion glitch into full exploit glory.
Shodan counts 140,000+ F5 BIG-IP devices staring out at the internet, ripe for CVE-2025-53521's new RCE tricks. What started as a DoS headache just went nuclear.
Everyone thought Android would stay the wild west of mobile OSes. Google's new developer verification scheme says nope—time to lock it down like iOS.