The Hacker News

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

CVE-2025-32975 exploited since March 2026 on unpatched KACE SMA systems, enabling admin takeover and payload delivery.
Amazon S3 on MSN

Spawning Baldi Basics using these secret Roblox admin commands

Poke spawns Baldi from Baldi’s Basics using admin commands.
Amazon S3 on MSN

Using insane admin commands to nuke every Roblox rap battle

Poke unleashes powerful admin commands to nuke everyone in intense Roblox rap battles.
Forbes

New ‘Powerful’ iOS Attack Warning Issued To Millions Of iPhone Users

An iOS warning has been issued by researchers after they discovered “a new and powerful” exploit kit targeting Apple iPhone models running iOS version 13 to 17.2.1. An iOS warning has been issued by ...
Bleeping Computer

WordPress membership plugin bug exploited to create admin accounts

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. Developed by WPEverest, the plugin provides ...
GitHub

Command Injection in Cloud Compliance Scanning in HummerRisk

Project: HummerRisk Repository: https://github.com/HummerRisk/HummerRisk Affected Version: <=1.5.0 Affected Component: Cloud compliance scanning module A critical ...
The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of ...