HackingPassion.comSecurity News
105 posts
Hackers are hijacking NGINX web servers and rerouting live traffic through their own infrastructure. No malware installed, no vulnerability exploited. Just a …
32 years. That is how long it took Microsoft to disable NTLM, the protocol that handles Windows login authentication. A broken system linked to $10 billion in …
eScan antivirus got hacked. Again. Same company, same update infrastructure exploited, two years apart. This time: hundreds of machines infected in a 2-hour …
Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them …
How the Moltbook Database Breach Exposed 770,000 AI Agents Moltbook, the social network exclusively for AI agents, had its entire database wide open. 770,000 …
Three names in four days! This AI assistant was Clawdbot, then Moltbot, and now OpenClaw. 1,800 exposed instances leaking API keys, passwords, and private …
175,000 AI servers wide open to the internet. 130 countries. Attackers are selling access to other people’s hardware at a 50% discount, and using it for …
An AI just found 12 zero-day vulnerabilities in OpenSSL. All 12. In a single release. One of those bugs is older than OpenSSL itself, sitting in the code since …
Microsoft pushed one security update. It broke at least 10 different things. 114 security fixes. Two emergency patches. PCs that won’t boot. Outlook that …
Microsoft Office zero-day actively exploited. Every version from 2016 to 365, including LTSC 2021 and 2024, over 400 million users. Attackers bypass all the …
Two VSCode extensions with 1.5 million installs are stealing source code right now, not last month. Researchers published their findings on January 22. Three …
It’s 2026 and attackers are still getting root shells via Telnet with a single command that requires no password whatsoever. 😏 SSH has existed for 31 …
Attackers found a way to hijack legitimate apps in the Snap Store. 7000 packages. Millions of Linux users. One victim already lost 9 Bitcoin. That was $490,000. …
A fake SymPy package deploys XMRig cryptominers on Linux machines. The malware hides inside polynomial functions. It only activates when you do math. Over 1,000 …
One developer just built 88,000 lines of advanced malware in six days using AI. A single person with an AI coding assistant created a framework sophisticated …
Cracking Windows domain admin passwords just got simple. A massive set of rainbow tables just went public, a $600 laptop is enough, and it takes 12 hours max. …
Your browser extension logo just became malware. Not the code. The actual image file. A PNG icon sitting in your toolbar, looking normal, hiding JavaScript that …
GootLoader is back. This week, researchers discovered their newest trick: a way to make security tools completely blind. Your antivirus scans the ZIP file. …
Netflix. Twitch. iCloud. The servers of the CIA and NSA. 30% of all cloud infrastructure worldwide runs on Amazon Web Services. Two missing characters in a …
Someone sends you an audio message. You don’t open it, you don’t play it, you don’t even look at your phone. And you’re already hacked. …
January 13, 2026. Microsoft patches a vulnerability in Copilot that let attackers steal personal data with a single click. The security bypass that worked for …
In January 2026, Microsoft had already patched 114 vulnerabilities! Four modem drivers deleted since October. Companies that wrote them: gone. Source code: …
SAP just patched four critical vulnerabilities SAP just patched four critical vulnerabilities. CVSS scores up to 9.9. One lets attackers run code with nothing …
Your iPhone can be compromised by loading a webpage. No click. No download. Just visit the wrong site. Apple patched this a month ago. Only 16% of users have …
A 52-year-old tape just revealed a buffer overflow that looks exactly like the bugs we’re still finding today. 😏 In July 2025, someone found a magnetic …
100,000 servers. One HTTP header change. Full admin access. No password required. They call it “Ni8mare.” CVSS 10.0. The patch existed for 7 weeks. …
Notion AI steals data before the user clicks OK. 100 million users. 4 million paying customers. Amazon. Nike. Uber. Pixar. More than half of Fortune 500 …
Two Chrome extensions. 900,000 users. Every ChatGPT and DeepSeek conversation stolen. Sent to attacker servers every 30 minutes. Google gave one of them a …
$5 buys two months of complete access to someone’s computer. Keylogging, webcam, passwords, files. The malware is called DCRat. The delivery method: a …
€7.68 billion budget. 3,000 staff. A brand new Cyber Security Operations Centre opened. A hacker spent 7 days inside their systems downloading 200GB of data. …