The Hacker News

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
Fireship on MSN

The unexpected flaw hiding in every Linux system

A newly discovered 732-byte Python exploit poses severe risks to Linux systems globally. Affecting distributions like Ubuntu ...
latesthackingnews.com

CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.
Wired

The AI Era Is Creating a Bug-Hunting Arms Race

As attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly. “I’ve probably submitted three times more bugs than I did last year at this time—I would ...
IGN

Forza Horizon 6 Players Are Using Exploits to Farm Easy Credits and Unlock Every Car

Forza Horizon 6 players are exploiting certain parts of the game so that they can quickly and easily unlock every vehicle in the game. As spotted by GamesRadar, YouTuber XMBWesley posted a guide on ...
Bleeping Computer

Exploit released for new PinTheft Arch Linux root escalation flaw

A recently patched Linux privilege escalation vulnerability now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. The ...
Bleeping Computer

Exploit available for new DirtyDecrypt Linux root escalation flaw

A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. Named ...
CoinTelegraph

THORChain pauses trading after suspected $10M exploit

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after ...
LinuxInsider

Dirty Frag Linux Vulnerability Raises New Root Access Risks

For the second time in two weeks, a significant privilege escalation vulnerability has been discovered in Linux. The vulnerability known as "Dirty Frag" enables escalation from an unprivileged user to ...
HHS

Linux Defenders Face Patch and Exploit Race

Back-to-back kernel vulnerabilities in Linux has defenders scrambling to apply defenses in the age of quick turnaround time for hackers to exploit nascent flaws. See Also: Data Trust Drives Long-Term ...
InfoQ

Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
ZDNet

Dirty Frag is a new Linux bug putting your system at risk - and there's no easy fix yet

With one compromised account, Dirty Frag can expose your system. No patch can protect you from all possible attacks yet. To stay safe, you'll need to block several services, including VPNs. Linux has ...