Truebit lost $26 million after a smart-contract overflow bug let an attacker mint tokens at near-zero cost, sending the TRU price down 99%. A $26 million exploit of the offline computation protocol ...
Pam's Colecovision was her babysitter, from the age of 4 or 5, but the family only had one game. Over and over, hour after hour, she'd climb and jump through the three levels of Donkey Kong. But the ...
Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days. A Chinese threat actor built an exploit for three VMware ESXi vulnerabilities that were patched ...
The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software ...
Attackers have upped the ante in their exploits of a recently disclosed maximum-severity vulnerability in React Server Components (RSC), Next.js, and related frameworks. Attackers initially exploited ...
The Apache Software Foundation has released an emergency security update today to patch a zero-day vulnerability in Log4j, a Java library that provides logging capabilities. The vulnerability, also ...
Ongoing vulnerable Log4j downloads suggest the supply chain crisis wasn’t the wake-up call it should have been. Back in December 2021, the “internet on fire” headlines weren’t hyperbole. Security ...
A new public exploit chains two critical flaws in SAP NetWeaver, exposing unpatched instances to code execution attacks. Dozens of SAP NetWeaver instances are susceptible to compromise after a threat ...
A single flaw in Apache Log4j spiraled into one of the most dangerous exploits ever found. Experts warned it could have taken down the entire internet. ...
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services ...
Reachability has quickly become one of the latest buzzwords in cybersecurity, but every vendor means something slightly different by the term. In part one of this series, I argued that reachability is ...