Apex Legends players faced disruptions as hackers took control of their characters during matches, changing nicknames and causing disconnections. Respawn confirmed the incident but clarified it wasn't due to an exploit or malware. They hinted at a connection to cheats and resolved the issue within hours.

The article discusses a recent hacking incident involving an X account. The account's owners noticed suspicious activity after receiving a strange link that seemed to employ social engineering tactics, leading them to suspect a compromise attempt.

Check Point Research identified critical vulnerabilities in Microsoft Teams that allow attackers to manipulate messages, spoof notifications, and impersonate users. Four specific types of attacks were detailed, highlighting the potential for business email compromise and identity fraud. Microsoft has issued fixes for these issues, but concerns remain about security.

Hackers are exploiting misconfigured web applications used for security testing to breach Fortune 500 companies. An investigation revealed that over 1,900 vulnerable applications were exposed, allowing attackers to deploy crypto miners and webshells. Many of these apps used default credentials and lacked proper security measures.

Bitdefender Labs found that 17% of the OpenClaw AI skills examined in February 2026 are malicious. These skills, masquerading as useful tools, are used to steal crypto keys and install malware on macOS, with one user linked to 199 harmful scripts.

This GitHub repository features over 150 tools and resources tailored for red teaming operations. It includes specific tools for various stages of an attack lifecycle, from reconnaissance to exfiltration, while also offering tips for effective tactics. The materials are intended for educational purposes only.

This article introduces a curated list of hacking tools suitable for hackers, pentesters, and security researchers. Users can easily clone the repository and update it with simple commands. Contributions to the list are welcome.

Chinese state-sponsored hackers used Anthropic's AI tool, Claude, to automate cyberattacks on around 30 organizations worldwide, succeeding in several breaches. They tricked the AI into bypassing security protocols by framing malicious tasks as routine cybersecurity work. This marks a significant shift in cybercrime, highlighting the need for enhanced AI-driven defenses.

Thousands of Asus routers have been hacked and are controlled by a suspected Chinese state-sponsored group. The attack targets outdated models that no longer receive security updates, and researchers believe the compromised devices may be used for covert operations and espionage. The majority of affected routers are located in Taiwan, with additional clusters in several other countries.

This article explains how to bypass WiFi client isolation using a monitor mode wireless adapter to craft and inject packets. By manipulating frame headers, an attacker can establish direct communication with other devices on the network, even when client isolation is enforced. The piece details the technical process and provides a Python tool for execution.

Garden, a bitcoin swapping protocol, was hacked shortly after announcing significant growth, losing $11 million. Although no user funds were affected and the protocol remains intact, the company is investigating the breach and has offered a bounty to the hacker for a peaceful resolution.

This article details a vulnerability called SupaPwn found in Supabase Cloud, allowing user account escalation to control other instances in the same region. It describes the research process, how AI tools accelerated the discovery, and the collaboration with Supabase's security team.

State-sponsored hackers compromised Notepad++ update traffic from June to December 2025. The attackers redirected updates to malicious servers, targeting users through vulnerabilities in older versions of the software. Remediation measures have since been implemented, including migrating to a more secure hosting provider.

ZeroCrumb is a tool that bypasses Chrome's Elevation Service to extract app-bound credentials and cookies. It uses Transacted Hollowing to impersonate a Chrome instance and decrypt keys, allowing access to sensitive data. Users can implement it as a library and customize it for other credential types.

On November 24, 2025, over 1,000 NPM packages were compromised using a fake Bun runtime, leading to the infection of more than 27,000 GitHub repositories. The malicious code steals sensitive information and exfiltrates it via a GitHub Action runner. This incident appears to be linked to a previous attack identified as "Shai-Hulud."

The author shares their experience of having their AWS account hacked, detailing how the attacker gained access, the immediate steps taken to regain control, and the lessons learned about cloud security. They emphasize the importance of proper security measures and the mindset needed to prevent such incidents.

A security researcher discovered a vulnerability in Cracker Barrel's rewards admin panel, allowing unauthorized access by manipulating authentication code. The issue was reported and, notably, Cracker Barrel addressed it quickly without needing further intervention. No customer data was compromised.

Security researchers have discovered a cryptocurrency mining operation that targets misconfigured DevOps infrastructure, specifically exploiting HashiCorp Nomad servers, Consul dashboards, Docker APIs, and Gitea code-hosting instances to mine Monero. The attackers utilize publicly available tools to avoid detection and recommend securing these systems to prevent future breaches.

A security researcher discovered significant vulnerabilities in Volkswagen's mobile app, which potentially allowed unauthorized access to personal and vehicle information. The flaws included exposure of sensitive data through API endpoints, enabling malicious actors to gain control over vehicles and access private customer details. After reporting the issues to Volkswagen, the researcher helped facilitate the necessary security fixes.

DPRK hackers have successfully stolen approximately $137 million from users of the Tron blockchain. The attack involved sophisticated phishing techniques and targeted the platform's infrastructure, highlighting ongoing security vulnerabilities in cryptocurrency networks.

YouTuber Jeff Geerling challenged viewers to de-pixelate a heavily obscured section of his video, which was intended to protect private information. Within hours, a developer successfully restored the hidden content using frame extraction techniques, highlighting the weaknesses of pixelation as a privacy measure.

A critical vulnerability (CVE-2025-5947) in the Service Finder WordPress theme allows attackers to bypass authentication and gain administrator access, leading to significant exploitation attempts. With over 13,800 attempts recorded, users are urged to update to version 6.1 or discontinue use of the theme to mitigate risks.

An Oregon agency has announced that hackers successfully stole sensitive data during a recent cyberattack. The breach has raised concerns about the security of personal information and the measures being taken to protect it moving forward.

Wallets can indeed be hacked, posing significant risks to digital asset security. Users must be aware of vulnerabilities in wallets and take necessary precautions to protect their funds from potential breaches and theft.

Hackers are exploiting the CVE-2025-42957 vulnerability in SAP systems, which can lead to significant security breaches. The flaw allows unauthorized access and manipulation of sensitive data, prompting urgent updates and patches from SAP to protect affected users.

A significant data breach at Lotte Card has exposed personal information of over 1 million users, with estimates suggesting the leak could impact several million. The Financial Supervisory Service's investigation revealed the breach was much larger than the initially reported 1.7 GB. Lotte Card is set to apologize and announce response measures on the 18th.

The article discusses the exposure of confidential informants within the Louisiana Sheriff's Office following a significant hack. Sensitive information was leaked, raising concerns about the safety and privacy of those involved in law enforcement operations. The breach highlights vulnerabilities in law enforcement data security and its potential consequences.

A security researcher successfully reverse engineered the Worldline Yomani XR credit card terminal, uncovering significant vulnerabilities, including an exposed root shell accessible through a debug connector. Despite robust tamper resistance features, the device's architecture separates secure and insecure processing, which limits the impact of the exploit but still poses serious security risks. The researcher disclosed the vulnerability to the manufacturer, initiating a timeline for public disclosure.

The article delves into the intricacies of evading security measures within a sandbox environment, highlighting techniques that exploit vulnerabilities in Chrome's architecture. It discusses various methods hackers use to bypass restrictions and emphasizes the ongoing cat-and-mouse game between security experts and malicious actors.

Mobile number hacking, particularly through SIM swap fraud, has become increasingly common, leading to significant financial losses for victims. Signs of a compromised mobile number include unexpected service issues and losing access to personal accounts. If you suspect your number has been hacked, it's crucial to contact your carrier, secure financial accounts, and take preventive measures against future attacks.

A recent Bloomberg report has revealed that a teenage hacker and his accomplice accessed a Crypto.com employee’s account, leading to a leak of users' personal data. Crypto.com stated that the breach affected a small number of individuals and confirmed that no customer funds were compromised.

Over 40,000 security cameras worldwide are accessible via the internet, allowing potential hackers to exploit them for spying and other malicious activities. The cybersecurity firm Bitsight warns that these cameras, often used in homes and small offices, are at risk due to inadequate security measures, making them targets for cyberattacks. Users are advised to implement stronger security practices to protect their devices.

Russian hackers have been exploiting vulnerabilities in Microsoft's OAuth 2.0 authentication framework, allowing them to access sensitive information from targeted accounts. This ongoing attack poses significant security risks for organizations using Microsoft services, emphasizing the need for enhanced security measures and awareness.

Vulnerabilities in the Matrix protocol could allow hackers to take control of sensitive chat rooms, potentially compromising user privacy and security. These bugs could be exploited by attackers to manipulate conversations and access private messages, raising significant concerns for users relying on this communication platform.

A hacking group known as The Com has leaked personal information of hundreds of US government officials, including those from the FBI, ICE, and the Department of Justice, on Telegram. The data, which includes names, addresses, and phone numbers, raises concerns about threats to these officials, particularly from criminal elements in Mexico. The group has hinted at potentially targeting IRS officials next.

Marks & Spencer has confirmed that personal data of its customers was compromised during a recent hacking incident. The breach has raised concerns about the safety of customer information and the company's security measures.

A BBC reporter was approached by a cyber-criminal gang offering a share of ransom money in exchange for access to the BBC's systems. After engaging with the criminals, they experienced tactics like MFA bombing, which highlighted the risks of insider threats in cyber-security. The incident underscored the evolving methods of hackers and the importance of vigilance within organizations.

Crosswalk buttons in various US cities have been hacked to play AI-spoofed voices of tech billionaires like Jeff Bezos and Elon Musk, thanks to poorly secured systems and default passwords. The Seattle Department of Transportation is addressing the issue, which has raised concerns for visually impaired pedestrians relying on audio cues. The manufacturer, Polara, has acknowledged the vulnerability and is working on enhancing security measures.

Riot Games is enhancing its security measures to combat hacking and cheating in its video games. By employing advanced technologies and strategies, the company aims to protect both its games and the integrity of its player community. Their ongoing efforts reflect a broader industry challenge in maintaining fair play in online gaming environments.

Discord experienced a security breach attributed to a vendor, rather than being directly hacked. The incident raised concerns about the platform's overall security practices and highlighted the risks associated with third-party vendors.

A new attack known as "pixnapping" has emerged, targeting Android devices by using pixel-stealing techniques to access sensitive information. This method allows attackers to manipulate the display output, potentially compromising user data without their knowledge. Users are advised to remain vigilant and update their security measures to protect against this threat.

Sangoma's FreePBX Security Team has issued a warning about a zero-day vulnerability actively being exploited in FreePBX systems with exposed Administrator Control Panels since August 21. Users are advised to limit access to their ACPs and implement a temporary EDGE module fix, while those with compromised systems are encouraged to restore from backups and secure their installations.

Hackers are exploiting a critical unauthenticated file upload vulnerability in the WordPress theme 'Alone,' enabling remote code execution and site takeovers. Wordfence has recorded over 120,000 exploitation attempts, and a patched version of the theme was released following the discovery of the flaw. Users are advised to update to version 7.8.5 to mitigate risks associated with this vulnerability.