Security news aggregator

Latest coverage for Exploit

Stay informed on the latest exploit trends and vulnerabilities. Get expert insights and updates on information security exploits with our dedicated tag.

264 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

An exploit is code, data, or a sequence of actions that uses a software, hardware, or configuration vulnerability to produce unintended behavior. Depending on the flaw and the attacker’s access, it may enable unauthorized code execution, privilege escalation, information disclosure, or denial of service. Exploitation can occur remotely through exposed services, web applications, or client software, or locally after an attacker gains limited access.

Exploitation matters because a vulnerability becomes an active attack path when the required conditions are reachable and exploitable. Defenders should inventory affected assets, prioritize remediation when exploitation is known or credible, apply patches or vendor mitigations, and reduce exposure through access controls, segmentation, and secure configuration. Monitoring for exploit-specific indicators—such as abnormal requests, unexpected processes, or privilege changes—supports detection; systems suspected of successful exploitation require containment and investigation for follow-on access.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 264 Filtered view

Also: AscendEX Shuts Down; Ethereum Foundation on AI Bug HuntingThis week, Ostium paused trading, AscendEX shut down, Ethereum said AI hastens bug hunting, not verification, the United States charged an inmate over seized transfer, ex-Sheriff's deputy jailed for extortion, Tangem card security, Iran-linked wallets sanctions and the U.S. may drop BitClub charges.

Bank Info Security 2 days, 19 hours ago

Researcher Drops 9th Windows Zero-Day

LegacyHive Is a Local Privilege Escalation BugThe vulnerability hunter in a feud with Microsoft released yet another Windows zero-day Tuesday as promised, though the touted "bone-shattering" disclosure was stripped down to prevent public exploitation. LegacyHive, exploits a profile-loading race condition to access another user's registry hive.

Bank Info Security 1 week, 1 day ago

AI Coding Tools Can Fake Approval Prompts

Old Unix Symlink Trick Lets Malicious Code Bypass User ChecksWiz researchers found that six popular AI coding assistants can be tricked into modifying sensitive files, including SSH keys, while their approval prompts display a harmless filename. The GhostApproval technique exploits a decades-old Unix symlink behavior to mislead users.

Lightspeed Funds Will Support Defenses Against Continuous, Machine-Led ExploitationA Security, founded by former Sygnia executive Yossi Torati, emerged from stealth with $37 million to build defenses against weaponized AI that can automate discovery, exploit attack paths and manipulate agentic systems faster than human security teams can respond.

Evaluations of Claude Mythos 5 Elevates Offensive Cyber, But Isn't Fully AutonomousAnthropic says its new Claude Mythos 5 model that debuted Tuesday can consistently discover vulnerabilities, build exploit chains and assist attacks on weak enterprise networks, but remains below the threshold for fully autonomous large-scale cyber operations.

Bank Info Security 1 month, 1 week ago

AI Exploit Risks Pushing Healthcare Security Shift

MultiCare Health CISO Jason Elrod on Need for Faster Cyber ResilienceEmerging AI tools can identify and exploit software vulnerabilities within minutes, forcing healthcare organizations to rethink cyber strategies. Jason Elrod, CISO of MultiCare Health System, explains why exploitability management, microsegmentation and AI-driven resilience matter more than ever.

Bank Info Security 1 month, 1 week ago

Cryptohack Roundup: US Strikes Iran's Crypto Network

Also: Former Hodlnaut CEO Charged and Stake DAO Hit by ExploitEvery week, ISMG rounds up cybersecurity incidents in digital assets. This week, the U.S. sanctioned Iran's largest exchange, ex-Hodlnaut CEO faced charges, the U.S. Securities and Exchange Commission sued over a $12.3M AI crypto scam and exploits hit Gravity Bridge, Stake DAO and Gnosis Pay.

Bank Info Security 1 month, 2 weeks ago

AI-Driven Bug Tsunami Prompts Exploitability Questions

Severity and Reachability Metrics Also Essential for Mythos-Era Bug MitigationIf there's one thing artificial intelligence has done, it's multiply bugs, and the annual CVE Program count of new vulnerabilities is set to break records. Less apparent is how many of those AI-ferreted vulnerabilities can be turned into high-impact exploit chains - if they're exploitable at all.

Bank Info Security 1 month, 2 weeks ago

Microsoft Threatens Legal Action Over Zero-Day Leaks

Security Researchers Fear Broader Legal Pressure on Bug DisclosuresMicrosoft is pursuing legal action after a researcher publicly released six Windows zero-days and exploit code following a breakdown in coordinated disclosure talks, escalating tensions over vulnerability disclosure, platform moderation and protections for independent security researchers.

Bank Info Security 1 month, 3 weeks ago

RondoDox Botnet Exploits 2018 Flaw in Asus Routers

Botnet Operators Execute First Known Exploit of Nearly Decade-Old FlawOperators behind a botnet picked up on a nearly decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as a root user. VulnCheck began observing exploitation of the Asus vulnerability on May 17.

Also, YellowKey Bypasses BitLocker, Škoda Breach, Kingdom Market Operator JailedThis week, U.S. lawmakers urged action on AI, a BitLocker exploit. Škoda, Nvidia’s GeForce NOW partner and telehealth firm OpenLoop reported breaches. Patch Tuesday. A dark market operator sentenced and pro-Ukraine and Iranian-linked hacking. Nitrogen ransomware attack on Foxconn.

Bank Info Security 2 months ago

Linux Defenders Face Patch and Exploit Race

Kernel Privilege Escalation Has One Linux Maintainer Contemplating a 'Kill Switch'Back-to-back kernel vulnerabilities in Linux has defenders scrambling to apply defenses in the age of quick turnaround time for hackers to exploit nascent flaws. "Dirty Frag" and "Copy Fail" kernel privilege escalation vulnerabilities became public knowledge within two weeks of each other.

Bank Info Security 2 months ago

AI-Built Zero-Day Nearly Powered Mass Attack

Google Says Criminals Used AI to Discover and Code ExploitA cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.

Bank Info Security 2 months, 1 week ago

The Threat Window Is Shrinking. The Response Gap Isn't

Patching Workflows Built for Weekly Cycles Can't Survive an Era of Hourly ExploitsAI is shrinking the window between vulnerability disclosure and active exploitation from weeks to hours. But remediation workflows haven't kept pace. Security teams need real-time intelligence, unified IT and security operations, and automated remediation to close the gap before attackers do.

Bank Info Security 2 months, 1 week ago

'Dirty Frag' Gives Root on Linux Distros

No Patches Yet Available, After Third Party Published Vulnerability DetailsSecurity researchers have discovered a new, critical flaw in the Linux kernel that attackers can exploit to gain root access. No patches are yet available to fix "Dirty Frag," the second new local privilege escalation flaw to be found in two weeks, following the similar "Copy Fail" vulnerability.

Bank Info Security 2 months, 1 week ago

Security Lost The Speed War: Context Is How We Win

AI-Driven Attacks Compress Breakout Times, Forcing Defenders to Rely on Context NowAI has lowered the cost and speed of cyberattacks, enabling adversaries to exploit vulnerabilities within minutes. As breakout times collapse, security teams must respond faster by using context-driven intelligence and automation to detect, prioritize and stop threats in real time.

Mythos Moves the Needle on AI Innovation, DefenseAnthropic’s “Mythos moment” is accelerating vulnerability discovery, but speed without validation is a growing risk. As exploit windows shrink and remediation lags, more findings only mean more noise. The real advantage lies in validating what actually matters—and fixing it first.

Bank Info Security 2 months, 1 week ago

NY Fines Delta Dental $2.25M Over 2023 MOVEit Hack

Investigators Find Violations of State Cyber RegulationsNew York fined Delta Dental $2.25 million for the company's response to the mass exploit of a zero-day vulnerability in Progress Software' MOVEit file transfer application. Delta Dental is one of thousands of organizations caught up in the blast radius of an automated 2023 Memorial Day hack.

Bank Info Security 2 months, 3 weeks ago

Breach Roundup: Myanmar Scam Compound Managers Charged

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal HitThis week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

Bank Info Security 2 months, 4 weeks ago

A Token Flaw Turned Azure's AI Agent Into a Spy

Outsiders Could Exploit Misconfig to Stream Commands, CredentialsA misconfiguration in Microsoft's Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization's agent conversations in real time, watching commands, outputs and credentials, leaving no trace.

Loading more headlines...