SecurityWeek

OpenSSL Patches High-Severity Vulnerability Found With AI

The latest OpenSSL releases patch 18 vulnerabilities, including a high-severity issue that could allow remote code execution.
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
Android

The Notification Trap: How a Text on WhatsApp Could Have Controlled Your Phone's AI

Security firm SafeBreach discovered a significant prompt injection flaw in Android’s Google Gemini that allowed malicious notifications from apps like WhatsApp or Slack to hijack the assistant. By ...
MIT Technology Review

The Meta hack shows there’s more to AI security than Mythos

Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish ...
Ars Technica

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
CoinTelegraph

THORChain pauses trading after suspected $10M exploit

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after ...
Ars Technica

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.
The New York Times

‘Life Hack’ Review: A Heist That Never Leaves the Screen

A group of teenagers seem to be targeting a cryptocurrency billionaire out of boredom, but they have a more sympathetic motive in this hacker film. By Chris Azzopardi When you purchase a ticket for an ...
CNET

Canvas Hack Aftermath: Congress Wants Instructure to Answer Questions

A hacker group stole data from more than 9,000 schools using an exploit in Instructure's service. Now the House Homeland Security Committee is getting involved. Tyler is a writer for CNET covering ...
CNN

Data stolen in Canvas hack that hit thousands of schools has been returned, company says

Data stolen in a cyberattack that shut down an education platform used by universities and K-12 schools across the US last week has been returned to the platform’s parent company, Instructure, ...
Mashable

Instructure Canvas hack update: Breach involved a specific teacher account type and interrupted finals

Students have struggled with Canvas downtime due to a data breach during school finals. Credit: Piotr Swat/SOPA Images/LightRocket via Getty Images The hacking collective ShinyHunters says it ...
The Washington Post

Canvas hack exposes schools’ vulnerability to cyberattacks

The vast data breach at education platform Canvas this week exposed the vulnerability of student information as hackers increasingly target school systems, colleges and the tech companies they rely on ...