The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
Jurist

‘Lethal Injection Is Based on the Illusion of Science’: An Interview with Law Professor Corinna Barrett Lain

In this interview, law professor Corinna Barrett Lain discusses her book “Secrets of the Killing State,” which exposes the troubling realities behind lethal injection as a method of execution. Lain, a ...
CNBC

Pfizer says obesity injection shows promise as monthly treatment in mid-stage trial

Pfizer said its experimental obesity drug, which it acquired through Metsera, drove solid weight loss when taken once a month in a mid-stage trial. The data offer early evidence that the injection can ...
Infosecurity-magazine.com

SQL Injection Flaw Affects 40,000 WordPress Sites

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The ...
VentureBeat

Infostealers added Clawdbot to their target lists before most security teams knew it was running

Clawdbot's MCP implementation has no mandatory authentication, allows prompt injection, and grants shell access by design. Monday's VentureBeat article documented these architectural flaws. By ...
Bleeping Computer

Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a ...
Dark Reading

Phishers Exploit Office 365 Users Who Let Their Guard Down

Threat actors are using complex trickery in their phishing attacks to make email recipients believe a message was sent from within the organization. That's according to Microsoft Threat Intelligence, ...
CoinTelegraph

Flow details December exploit that led to $3.9M in losses due to counterfeit tokens

A protocol-level flaw allowed assets to be duplicated rather than minted, prompting a network halt and a governance-led recovery process. The Flow Foundation on Tuesday published a technical post ...
Jalopnik

Is Fuel Injection Service Worth It Or Just A Rip-Off? Here's When You Actually Need It

You know the drill by now. You're sitting in the purgatory of the service center waiting room. Precisely 63 minutes into your wait, the service adviser walks out with a clipboard and calls your name — ...
Computer Weekly

NCSC warns of confusion over true nature of AI prompt injection

The UK’s National Cyber Security Centre (NCSC) has highlighted a potentially dangerous misunderstanding surrounding emergent prompt injection attacks against generative artificial intelligence (GenAI) ...
cryptopolitan

New exploit found in ServiceNow’s AI agents can be tricked to act against each other

Researchers uncover a second-order prompt injection exploit in ServiceNow’s Now Assist AI agents caused by risky default configurations. Attackers can manipulate agent-to-agent collaboration to steal ...