Critical cPanel and WHM bug exploited as a zero-day, PoC now available

The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in ...

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...

Password Security—2.8 Billion Credential Theft Crimewave Exposed

A surge in password-related cybercrime throughout 2025 has seen not only 2.8 billion credentials stolen, but macOS ...
The Hacker News

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

SMS blasters, npm supply chain hits, and unpatched Windows flaws. Stay ahead of new phishing kits and exposed servers.
OS X Daily

How to Find Compromised & Reused Passwords on iPhone, iPad, and Mac

The Passwords app, Apple’s built-in password manager for Mac, iPhone, and iPad, not only stores your logins and passwords for ...

Rockies' Tomoyuki Sugano: Tosses 5.1 scoreless innings

Sugano (3-1) earned the win Wednesday against the Reds, allowing four hits and three walks while striking out two over 5.1 scoreless innings. Sugano turned in his first scoreless outing of the season, ...
The Next Web

OpenAI now lets you lock your ChatGPT account with a hardware key. Here is why it thinks you should.

OpenAI's Advanced Account Security replaces passwords with hardware keys and passkeys, disables email recovery, and opts users out of model training. Co-branded YubiKeys cost $68 for two.
SecurityWeek

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical-severity authentication bypass vulnerability in cPanel & WHM has been exploited as a zero-day since February 2026.
PCMag

OpenAI's Advanced Account Protection Dumps Passwords for Security Keys

OpenAI's new 'Advanced Account Security' mode is for users looking for top-tier account protection, and requires either ...