Aggregator

You must login to view this content

You must login to view this content

U.S. authorities have pulled back the curtain on “r1z,” an initial access broker who quietly sold gateways into corporate networks around the world. Operating across popular cybercrime forums, he offered stolen VPN credentials, remote access to enterprise environments, and custom tools designed to bypass security controls. His activity fed the ransomware supply chain by giving […]

The post Researchers Detailed r1z Initial Access Broker OPSEC Failures appeared first on Cyber Security News.

Day One of Pwn2Own Automotive 2026, which delivered $516,500 USD for 37 zero-days, the event has now accumulated $955,750 USD across 66 unique vulnerabilities, demonstrating the automotive sector’s substantial attack surface. The competition showcased exploits targeting multiple vehicle subsystems, including in-vehicle infotainment (IVI) systems, EV charging stations, and embedded Linux environments. Researchers successfully demonstrated command […]

The post Hackers Earned $516,500 for 37 Unique 0-day Vulnerabilities – Pwn2Own Automotive 2026 appeared first on Cyber Security News.

A critical authentication bypass vulnerability in SmarterTools SmarterMail is actively being exploited in the wild by attackers, according to security researchers at watchTowr Labs. The vulnerability, tracked as WT-2026-0001, allows unauthenticated attackers to reset the system administrator password without any validation, leading to complete system takeover. The flaw exists in the ForceResetPassword API endpoint, which is designed […]

The post Attackers Reverse‑Engineer Patch to Exploit SmarterMail Admin Bypass in the Wild appeared first on Cyber Security News.