The Hacker News

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...

Bungie Teases Upcoming Marathon Changes, Starting With Much Needed Buffs

Recon, my beloved, will finally be a more respected Shell soon.

OpenClaw has 500,000 instances and no enterprise kill switch

OpenClaw has reached 500,000 internet-facing instances with three unpatched high-severity CVEs, no enterprise kill switch, ...
The Hacker News

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The U.S. State Department has officially launched the Bureau of Emerging Threats, a new unit tasked with protecting U.S.

AI Just Hacked One Of The World's Most Secure Operating Systems

An AI agent just autonomously exploited a FreeBSD kernel vulnerability in four hours, signaling a fundamental shift in the ...
SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
CSO Online

Security lapse lets researchers see React2Shell hackers’ dashboard

The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...

Mammotion LUBA 3 AWD 3000 robot lawn mower — autonomous mowing just got exponentially better for owners of larger landscapes

If you have a large, complex swathe of sward with steep sections, this is the robot mower for you ...