Two high-severity vulnerabilities discovered in libpng—the widely used reference library for reading and writing PNG images—create a sweeping risk for any software that parses images. The flaws can trigger process crashes, leak sensitive heap contents, and, on some platforms, enable arbitrary code execution. Because image handling is baked into web applications, server-side processing pipelines, mobile and embedded systems, and desktop
Category: Hacking and Exploits
Web-Hacking, 0-Day, Malware, Ransomware, Exploit, Vulnerabilities, Privilege-Flaw, Privilege-Escalation, Zero-Day, Exploit, Jailbreak, Penetration-Testing, Trojan, Spyware, Rootkit, Worm, Backdoor, Payload, Obfuscation, DDoS, Phishing, MITM, Spoofing, Brute-force, Port-Scan, SQLi, XSS, CSRF, Path-Traversal, LFI, RFI, Insecure-Deserialization, Buffer-Overflow, CVE, Exploit-Kit, Shellcode, bug bounty, ethical hacking, CTF, capture the flag, offensive security, red team exercise, exploit development, reverse engineering, vulnerability research, credential harvesting
Google Drive turns on AI ransomware detection by default for paying users
Google has moved its AI-powered ransomware detection for Drive out of beta and enabled it by default for paid customers, shifting cloud storage from a passive backup to an active containment point. First trialed in late 2025, the feature now scans files as they sync from desktop endpoints and pauses syncing when ransomware-like encryption is detected, alerting both users and
Hackers Weaponize Legitimate Windows Tools to Kill Antivirus — What Defenders Must Do Now
Ransomware gangs have evolved from noisy mass campaigns into precise, surgical operators. A growing and dangerous trend is the abuse of legitimate Windows utilities — tools built to help administrators troubleshoot and repair systems — as the first step in modern ransomware operations. By repurposing utilities such as Process Hacker, IOBit Unlocker, PowerRun, AuKill and TDSSKiller, attackers can silently neutralize
Notepad++ v8.9.3 Released — cURL Fixes, Crash Repairs, and Enterprise Controls
Notepad++ has shipped version 8.9.3, a maintenance-focused release that closes a notable security gap in its updater, resolves several long-standing stability regressions, and finishes a multi-release migration to a faster XML parser. For administrators and power users who depend on the editor for daily development work, this update is worth prompt attention: it contains both a security remediation and a
Firefox 149 Ships: Patches for 37 Vulnerabilities, Including Multiple Sandbox Escapes
Mozilla released Firefox 149 on March 24, 2026, in one of the browser’s largest security updates in recent memory. The release fixes 37 vulnerabilities across memory corruption, sandbox escapes, use‑after‑free bugs, JIT miscompilation, and other issues that could enable remote code execution or privilege escalation. Given the number and seriousness of these fixes — 16 high‑severity issues among them —
Citrix Warns: Patch NetScaler ADC and Gateway Flaws Immediately
Citrix has released urgent security updates for NetScaler ADC and NetScaler Gateway after discovering two vulnerabilities that could expose sensitive session data and cause session mix-ups. The company is urging administrators to apply the fixes as soon as possible, citing the potential for exploitation that echoes earlier high-profile memory-leak bugs that were actively abused in the wild. What happened Earlier