The Hacker News

One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public

CVE-2026-23111 is a Linux kernel nf_tables use-after-free that lets an unprivileged local user escalate to root and escape a ...
Bleeping Computer

Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now

Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. FortiWeb ...
Bleeping Computer

Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable ...
Hosted on MSN

Where Winds Meet Exploit: Get Quest Rewards for Free

Where Winds Meet players have discovered a major exploit that allows them to gain quest rewards without lifting a finger. NetEase's wuxia-inspired open-world RPG launched last month to widespread ...
Security Boulevard

DarkSword: The iPhone Exploit That Forced Apple to Rewrite Its Own Security Playbook

DarkSword silently compromises iPhones through website visits alone. 270M devices affected. Apple breaks its own policy with a rare iOS 18 security backport.
Hosted on MSN

Google warns that exploits now routinely arrive before patches — and attackers hand off access to other groups in under 22 seconds

In early 2025, Google’s Mandiant incident-response team documented something that upends a basic assumption of cybersecurity: in a growing number of cases, attackers are building working exploits for ...
Dark Reading

Exploits Turn Windows Defender Into Attacker Tool

Threat actors are using three publicly available proof-of-concept exploits to attack Microsoft Defender and turn the security platform's primary cleanup and protection functions against organizations ...