IPOR Labs Loses $336K in Arbitrum Vault Exploit, Vows Full Refund

IPOR Labs suffered a $336,000 exploit targeting its USDC Fusion Optimizer vault on Arbitrum, with the attack exploiting a combination of legacy contract vulnerabilities and Ethereum’s newly ...
SecurityWeek

Hackers Exploit Zero-Day in Discontinued D-Link Devices

Threat actors are exploiting CVE-2026-0625, a critical zero-day vulnerability in discontinued D-Link devices for remote code ...

Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent

A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data ...
Cybernews

When workflows go rogue: critical n8n vulnerability opens door to system commands

The flaw allows authenticated n8n users with workflow-creation or modification permissions to bypass the intended security sandbox.
The Hacker News

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

CISA adds two vulnerabilities affecting Microsoft Office and HPE OneView to its KEV list, urging agencies to patch by January ...
Microsoft

Phishing actors exploit complex routing and misconfigurations to spoof domains

Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, ...

Max severity Ni8mare flaw lets hackers hijack n8n servers

A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally ...
The Register on MSN

IBM's AI agent Bob easily duped to run malware, researchers show

Prompt injection lets risky commands slip past guardrails IBM describes its coding agent thus: "Bob is your AI software ...