Aggregator

Day One of Pwn2Own Automotive 2026, which delivered $516,500 USD for 37 zero-days, the event has now accumulated $955,750 USD across 66 unique vulnerabilities, demonstrating the automotive sector’s substantial attack surface. The competition showcased exploits targeting multiple vehicle subsystems, including in-vehicle infotainment (IVI) systems, EV charging stations, and embedded Linux environments. Researchers successfully demonstrated command […]

The post Hackers Earned $516,500 for 37 Unique 0-day Vulnerabilities – Pwn2Own Automotive 2026 appeared first on Cyber Security News.

A critical authentication bypass vulnerability in SmarterTools SmarterMail is actively being exploited in the wild by attackers, according to security researchers at watchTowr Labs. The vulnerability, tracked as WT-2026-0001, allows unauthenticated attackers to reset the system administrator password without any validation, leading to complete system takeover. The flaw exists in the ForceResetPassword API endpoint, which is designed […]

The post Attackers Reverse‑Engineer Patch to Exploit SmarterMail Admin Bypass in the Wild appeared first on Cyber Security News.

Obsidian Security announced end-to-end SaaS supply chain security solution, empowering organizations to monitor, control and contain the security risk hiding inside interconnected SaaS ecosystems. Companies depend on hundreds of SaaS applications to operate their business. The security threat posed by these interconnected SaaS applications is growing exponentially with major breaches like the Salesloft-Drift Supply Chain attack that impacted over 700 organizations last year. Obsidian Security is launching a new solution that secures the SaaS supply … More →

The post Obsidian Security unveils end-to-end SaaS supply chain security to stop integration-led breaches appeared first on Help Net Security.

Attackers have launched a widespread campaign called ClickFix that steals Facebook account credentials by tricking users into handing over their session tokens. Rather than using complex malware or software exploits, the attack relies on social engineering to guide victims through a fake verification process. This campaign has grown significantly since early 2025 and continues to […]

The post New ClickFix Campaign Hijacks Facebook Sessions Using Fake Verification Pages appeared first on Cyber Security News.

You must login to view this content

You must login to view this content