File read flaw in Smart Slider plugin impacts 500K WordPress sites

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server.
TidBITS

DarkSword Exploit Threatens iPhones Still Running iOS 18

Security researchers have discovered DarkSword, a sophisticated exploit chain targeting iOS 18.4 through 18.7.2. Unlike past spyware aimed at high-profile targets, DarkSword is being surreptitiously ...
TechCrunch

A suite of government hacking tools targeting iPhones is now being used by cybercriminals

Security researchers have identified a suite of powerful hacking tools capable of compromising iPhones running older software that they say has passed from a government customer into the hands of ...
Nextgov

Potential US-built hacking tools obtained by foreign spies and cybercriminals, research says

A powerful iPhone hacking toolkit that researchers say may have originated as a U.S.-built capability has surfaced in the hands of foreign espionage actors and financially motivated criminal groups, ...
Tech.co

Report: 1 in 4 Data Breaches Exploit Third-Party Vulnerabilities

Supply chain vulnerabilities and AI-powered phishing attacks are the latest trends in cybersecurity, according to a new threat report. Among the top threats in the new analysis are the vulnerabilities ...
IGN

Arc Raiders Dev Says Players Who Used 'Recent Exploits' Will Face Warnings and Suspensions Starting This Week

Embark Studios is keeping its promise to take action against players who took advantage of duplication exploits and other glitches in Arc Raiders by issuing warnings and suspensions. The developer ...
PCGamesN

After major Arc Raiders exploit ruins games, Embark knows players want "fast action" but is taking its time to stay fair

Arc Raiders seems to be facing its first major hurdle. It cleared the first potential hazard, as players didn't seem to care that it had used generative AI for NPC voices, despite the fact it made ...
IGN

"The internet usually tells us our trades suck."

GameStop has said it has shut down a loophole that let its customers rack up store credit by continually trading in then rebuying a Nintendo Switch 2 console. In a statement posted to social media, ...
CoinTelegraph

Saga pauses chainlet after $7M exploit that depegged its stablecoin

Saga’s US dollar-pegged stablecoin has dropped to $0.75, while the protocol's total value locked has fallen by around 55% over the past 24 hours. Layer-1 blockchain protocol Saga has paused its ...
Searchenginejournal.com

WooCommerce WordPress Plugin Exploit Enables Fraudulent Charges

The WooCommerce Square plugin enables WordPress sites to accept payments through the Square POS, as well as synchronize product inventory data between Square and WooCommerce. Square plugin enables a ...
CoinTelegraph

Flow details December exploit that led to $3.9M in losses due to counterfeit tokens

A protocol-level flaw allowed assets to be duplicated rather than minted, prompting a network halt and a governance-led recovery process. The Flow Foundation on Tuesday published a technical post ...
Forbes

‘Zero‑Click Google Drive Wiper’ Exploit Mass‑Deletes Files

A polite email asking an AI browser to “organize your Drive” can silently wipe your files. No phishing link or suspicious attachment required. Just a friendly request that turns an automated assistant ...