Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web ...
The Hacker News

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now

Google released security updates for 74 Chrome vulnerabilities, including CVE-2026-11645, a high-severity V8 out-of-bounds ...
AARP

Medicare Trust Fund Still Faces Shortfall in 7 Years, 2026 Report Says

Reserves in the hospital trust fund, built up over decades, are forecast to be depleted in 2033 — but one quarter earlier ...

Access Louisville: 'Boomerangs' can help Louisville grow its population

Attracting former residents back to Louisville — boomerangs, as they're known — could potentially be a way to increase the ...
The Hacker News

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.
The Caledonian-Record

Saudi Arabia to Launch Inaugural Saudi Water Week, Reinforcing Global Water Leadership

JEDDAH, SA / ACCESS Newswire / June 10, 2026 / The Saudi Ministry of Environment, Water and Agriculture is preparing to ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
The Caledonian-Record

Southco Launches Next-Gen Liquid Cooling Access Solutions at COMPUTEX 2026

HONG KONG SAR - Media OutReach Newswire - 2 June 2026 - Southco Asia Ltd., a subsidiary of Southco Inc., the global leader in ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

Websites have a new way to spy on visitors: Analyzing their SSD activity

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...