Two high-severity vulnerabilities discovered in libpng—the widely used reference library for reading and writing PNG images—create a sweeping risk for any software that parses images. The flaws can trigger process crashes, leak sensitive heap contents, and, on some platforms, enable arbitrary code execution. Because image handling is baked into web applications, server-side processing pipelines, mobile and embedded systems, and desktop
Category: Cybersecurity
Zero-Day, APT, Exfiltration, Lateral-Movement, Privilege-Escalation, Botnet, Rootkit, Backdoor, Keylogger, Smishing, Vishing, Spear-Phishing, Social-Engineering, MITM, SQL-Injection, XSS, CSRF, Path-Traversal, Buffer-Overflow, Honeypot, CVE, CVSS, Red-Team, Blue-Team, Threat-Hunting, Malware-Analysis, MITRE-ATT&CK, Insider-Threat, Jailbreak, Shellcode, Exploit-Kit, LFI, RFI, Obfuscation, Payload, security advisory, vulnerability disclosure, CWE, OWASP, cybersecurity news, threat intelligence, SOC, SIEM, cryptotheft, evasion, CVE Security
Hackers Weaponize Legitimate Windows Tools to Kill Antivirus — What Defenders Must Do Now
Ransomware gangs have evolved from noisy mass campaigns into precise, surgical operators. A growing and dangerous trend is the abuse of legitimate Windows utilities — tools built to help administrators troubleshoot and repair systems — as the first step in modern ransomware operations. By repurposing utilities such as Process Hacker, IOBit Unlocker, PowerRun, AuKill and TDSSKiller, attackers can silently neutralize
Google Lets You Change Your @gmail.com Address — Here’s How to Do It Safely
For more than twenty years, the email address you chose when creating a Google Account was effectively permanent. That meant awkward childhood handles, name changes after marriage, or simply wanting a cleaner, more professional address often required creating a brand-new Google Account and manually migrating data. Google has quietly changed that rule: users with @gmail.com addresses can now replace their
Inside the Claude Code Leak: What Anthropic’s Accidental Release Reveals
Anthropic, the AI company behind the Claude family of agents, suffered an unexpected exposure that rippled across the developer community and the wider AI market. Earlier today, a sizable JavaScript source map file—bundled with a public npm release—made internal implementation details of Claude Code visible to anyone who downloaded it. What began as a packaging mistake quickly became a public
Notepad++ v8.9.3 Released — cURL Fixes, Crash Repairs, and Enterprise Controls
Notepad++ has shipped version 8.9.3, a maintenance-focused release that closes a notable security gap in its updater, resolves several long-standing stability regressions, and finishes a multi-release migration to a faster XML parser. For administrators and power users who depend on the editor for daily development work, this update is worth prompt attention: it contains both a security remediation and a
Claude AI Uncovers Zero-Day RCEs in Vim and Emacs — A Turning Point for Bug Hunting
A recent research effort demonstrated that advanced AI models can accelerate and amplify vulnerability discovery in legacy software. Anthropic’s Claude was used to hunt for remote code execution (RCE) flaws and successfully produced proof-of-concept exploits against both Vim and GNU Emacs. The findings illustrate how natural-language prompts can surface high-impact bugs with surprising ease, and they raise urgent questions about