Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
Hacker

The DDoS of Human Attention: Why cURL Killed Its Bug Bounty (And What It Means for DevOps)

Enjoys fixing messy problems with clean code, good questions and the occasional AI assist.
Bleeping Computer

Hackers exploit 29 zero-days on second day of Pwn2Own Automotive

On the second day of Pwn2Own Automotive 2026, security researchers collected $439,250 in cash awards after exploiting 29 unique zero-days. The Pwn2Own Automotive hacking contest focuses on automotive ...
The Hacker News

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, ...
GitHub

Cloudflare ACME Challenge WAF Bypass Scanner

├── scanner.py # Entry point (CLI) ├── core/ │ ├── scanner.py # CloudflareScanner class │ ├── oast.py # OAST client & server │ ├── poc_generator.py # Auto POC generation │ └── llm_analyzer.py # AI ...
IEEE

Good News for Script Kiddies? Evaluating Large Language Models for Automated Exploit Generation

Abstract: Large Language Models (LLMs) have demonstrated remarkable capabilities in code-related tasks, raising concerns about their potential for automated exploit generation (AEG). This paper ...