CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
CoinDesk

The $292 million Kelp exploit: how it happened, and what it means for DeFi

DeFi's "worst year in terms of hacks," Ledger's CTO said, as the Kelp exploit shows how a single point of failure can cascade ...
Crypto Briefing

KelpDAO bridge hack drains $292M in largest DeFi exploit of 2026

KelpDAO's bridge hack drained $292M, marking the largest DeFi exploit of 2026; Ethereum's price dip to $2,300 is now at 100% ...
CoinDesk

LayerZero blames Kelp's setup for $290 million exploit, attributes it to North Korea's Lazarus

LayerZero said the attackers compromised two RPC nodes the company's verifier relied on and DDoS'd the rest, with the attack ...
BeInCrypto

LayerZero Ties KelpDAO Exploit to Lazarus Subgroup TraderTraitor

LayerZero attributes the $290M KelpDAO exploit to North Korea's TraderTraitor, citing RPC-poisoning as the attack vector.
BeInCrypto

Justin Sun Offers to Negotiate With KelpDAO Hacker After $292 Million Exploit

Justin Sun publicly offered to negotiate with the KelpDAO bridge hacker. The exploit drained 116,500 rsETH and created bad ...

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...
PCMag on MSN

I Asked AI to Create Passwords. Here's Why I'll Never Do That Again

They may look complex, but AI-generated passwords often follow predictable patterns that hackers can exploit. I'll show you ...
Dark Reading

North Korea Uses ClickFix to Target macOS Users' Data

North Korea's Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials ...
Live Science on MSN

Hackers used Claude and ChatGPT to steal hundreds of millions of Mexican government records

A group of hackers used both Claude Code and ChatGPT in a cybersecurity hack that lasted two and a half months.