It turns out AI-coding tools are useful to criminals, too.

A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications.

A hacker exploited Anthropic PBC’s artificial intelligence chatbot to carry out a series of attacks against Mexican government agencies, resulting in the theft of a huge trove of sensitive tax and ...

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. On Windows, an ...

Six zero-day flaws being exploited are now patched — users urged to update immediately Microsoft’s Patch Tuesday release addresses roughly 60 vulnerabilities overall. Microsoft has confirmed that ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...

Amaranth Dragon, linked to APT41, joins groups exploiting WinRAR CVE-2025-8088 Targets include organizations across Southeast Asia, using custom loaders and Cloudflare-masked servers Vulnerability ...

A hacking campaign took just days to exploit a newly disclosed security vulnerability in Microsoft Windows version of WinRAR, researchers at Check Point have said. The attackers leveraged ...

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...

Russian-linked hacking group Fancy Bear (APT28) has reportedly exploited a recently disclosed vulnerability in Microsoft Office to conduct cyber-attacks against Ukrainian and EU organizations. The ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...