Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...
SecurityWeek

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

Hackers have been unsuccessfully targeting CVE-2023-33538, a vulnerability in discontinued TP-Link routers, for a year.
The Hacker News

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.
TechCrunch

Hack-for-hire group caught targeting Android devices and iCloud backups

Security researchers say they have identified a hack-for-hire group targeting journalists, activists, and government officials across the Middle East and North Africa. The hackers used phishing ...
Forbes

‘Hack Yourself’ Apple Attack Steals Mac Passwords

You won't be smiling if this new Mac attack strikes. There’s a rather cliched saying when it comes to consumer cybersecurity: “You are the weakest link.” Hackneyed, yes, but also accurate when you ...
TheStreet.com

Another exchange hit by $270M hack, suspends withdrawals

A major decentralised finance (DeFi) platform has suffered a suspected exploit exceeding $270 million, with onchain data showing large volumes of assets rapidly moved to a single wallet. Blockchain ...

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Cybercriminals are tricking AI into leaking your data, executing code, and sending you to malicious sites. Here's how.
Forbes

Angry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users Warned

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
New York Post

7.7 terabytes of sensitive LAPD records leaked in hack attack

Hackers reportedly gained access to personal information about Los Angeles Police Department officers, Internal Affairs documents and more in a breach of a major LA city office. A trove of sensitive ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.
Los Angeles Times

Pro-Iranian hacking group claims credit for hack of FBI Director Kash Patel’s personal account

This is read by an automated voice. Please report any issues or inconsistencies here. Pro-Iranian hacking group Handala claims credit for breaching FBI Director Kash Patel’s personal email account, ...
TechCrunch

Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacks

The common assumption among iPhone security experts has been that finding vulnerabilities and developing exploits for iOS was difficult, requiring a lot of time, resources, and teams of skilled ...