security researchers
Coverage of security researchers in the Nexus archive.
- Microsoft says it will not pursue security researchers after zero-day backlash
Microsoft stated it will not take legal action against security researchers conducting or publishing their research, following backlash over a zero-day issue. The company emphasized it takes feedback seriously and clarified its approach to legal matters.
- A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licenses
Pay Tel, a prison pay phone service, experienced a security lapse that publicly exposed over 300K callers' driver's licenses. Security researchers discovered the leak, which included sensitive ID documents and inmate communications, prompting Pay Tel to secure the data.
- Security researchers flag ongoing Stake DAO exploit after attacker mints trillions of vsdCRV
Security researchers have identified an ongoing exploit targeting Stake DAO, where an attacker minted 5.4 trillion vsdCRV on Arbitrum and is actively converting the tokens into ether.
- Nearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flaw
Nearly every Linux system built since 2017 is vulnerable to the 'Copy Fail' flaw, which has been present for nearly a decade. Security researchers and European cybersecurity officials are urging administrators to address the risk.
- Lazarus-linked macOS malware hits crypto and fintech firms
Security researchers identified a new macOS malware called 'Mach-O Man' linked to the Lazarus hacking group, targeting cryptocurrency and fintech companies to steal credentials and infiltrate corporate systems.
- Lazarus-linked macOS malware hits crypto and fintech firms
Security researchers have linked a new macOS malware called 'Mach-O Man' to a Lazarus cyber campaign. The malware uses fake meeting invites and ClickFix prompts to steal credentials and access systems in crypto and fintech firms.
- Anthropic’s Alarming Mythos Findings Replicated With Off-the-Shelf AI, Researchers Say
Security researchers replicated Anthropic's Mythos vulnerability findings using GPT-5.4 and Claude Opus 4.6 in an open-source setup, achieving results for under $30 per scan. The findings highlight the accessibility of AI tools for security analysis.
- Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researcher says
A design flaw in Anthropic's Model Context Protocol (MCP) could expose up to 200,000 servers to potential takeover, according to security researchers. The flaw, described as either a bug or intentional but poor design, allows for unauthorized access or control.
- Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse
Security researchers discovered a vulnerability in Apple Intelligence, allowing attackers to hijack the AI system via prompt injection. This could put millions of users at risk, though the situation could have been worse.
- Hack-for-hire group caught targeting Android devices and iCloud backups
A hack-for-hire group was exposed for using Android spyware and phishing to steal iCloud credentials. Security researchers uncovered the spying campaign targeting victims' devices.
- 13-year-old bug in ActiveMQ lets hackers remotely execute commands
A critical remote code execution vulnerability in Apache ActiveMQ Classic, undetected for 13 years, allows hackers to execute arbitrary commands remotely. Security researchers have identified the flaw, raising concerns about potential exploitation of the outdated system.