Lucene search
K

20893 matches found

The Hacker News
The Hacker News
added 2026/05/07 1:34 p.m.14 views

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 CVSS score: 9.3/8.7, a buffer overflow vulnerability in the User-ID Authentication...

9.8CVSS7.1AI score0.32074EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/05/07 11:33 a.m.19 views

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like...

10CVSS6.5AI score0.03678EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/07 10:54 a.m.20 views

Day Zero Readiness: The Operational Gaps That Break Incident Response

Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do. That...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/07 9:20 a.m.20 views

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Cybersecurity researchers have discovered three packages on the Python Package Index PyPI repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/07 4:15 a.m.17 views

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox...

10CVSS8.2AI score0.01186EPSS
Exploits12
The Hacker News
The Hacker News
added 2026/05/06 8:21 p.m.13 views

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabsv1 and targets internet-exposed devices running Android Debug Bridge ADB to enlist them in a network capable of carrying out distributed denial-of-service DDoS attacks. Hunt.io, which detailed the...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/06 1:0 p.m.15 views

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

The Iranian state-sponsored hacking group known as MuddyWater aka Mango Sandstorm, Seedworm, and Static Kitten has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/06 12:3 p.m.12 views

The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open

For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/06 10:57 a.m.18 views

Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?

Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/06 9:13 a.m.13 views

Google's Android Apps Get Public Verification to Stop Supply Chain Attacks

Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams said. The initiati...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/06 8:34 a.m.12 views

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool RAT and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft. "According to the functionalities of the CloudZ RAT and Pheno plugin, this was...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/06 6:14 a.m.21 views

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300 , has been described as a case of unauthenticated remote code execution. It carries a CVSS score of...

9.3CVSS6.8AI score0.32074EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/05/05 4:19 p.m.17 views

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation ASF has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution RCE. The vulnerability, tracked as CVE-2026-23918 CVSS score: 8.8, has been...

8.8CVSS6.5AI score0.4581EPSS
Exploits16
The Hacker News
The Hacker News
added 2026/05/05 4:7 p.m.15 views

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. "These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belongin...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/05 2:19 p.m.11 views

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat APT group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302 ,...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/05 11:58 a.m.28 views

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don't see it. Yo...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/05 11:56 a.m.11 views

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system CMS known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 CVSS score: 9.8, a code injection flaw that could result in arbitrary...

9.8CVSS6.8AI score0.39688EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/05/05 10:30 a.m.16 views

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/05 9:7 a.m.11 views

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor hav...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/05 7:37 a.m.14 views

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

A critical security vulnerability in Weaver Fanwei E-cology, an enterprise office automation OA and collaboration platform, has come under active exploitation in the wild. The vulnerability CVE-2026-22679 , CVSS score: 9.8 relates to a case of unauthenticated remote code execution affecting Weave...

9.8CVSS6.8AI score0.2148EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/05 6:35 a.m.11 views

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between Apri...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/04 6:6 p.m.17 views

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management RMM software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUSHELPER , has impacted over 80...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/04 4:34 p.m.15 views

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation formerly Central is a secure, server-based managed file transfer MFT solution used to schedule and automate file...

9.8CVSS5.9AI score0.05633EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/05/04 2:23 p.m.23 views

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to...

9.9CVSS8AI score0.981EPSS
Exploits324
The Hacker News
The Hacker News
added 2026/05/04 11:58 a.m.16 views

2026: The Year of AI-Assisted Attacks

On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young man shared his...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/04 11:57 a.m.14 views

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

The China-based cybercrime group known as Silver Fox aka Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/04 9:27 a.m.13 views

Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers MSPs and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed...

9.8CVSS6.4AI score0.981EPSS
Exploits64
The Hacker News
The Hacker News
added 2026/05/04 5:59 a.m.8 views

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M

A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led by the Dubai...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/03 6:26 a.m.16 views

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as...

7.8CVSS6.6AI score0.96267EPSS
Exploits230
The Hacker News
The Hacker News
added 2026/05/02 6:41 a.m.11 views

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to resolve the matter...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/01 6:9 p.m.9 views

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/01 2:26 p.m.10 views

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC66...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/01 2:2 p.m.23 views

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster it...

10CVSS7.2AI score0.99562EPSS
Exploits374
The Hacker News
The Hacker News
added 2026/05/01 10:30 a.m.7 views

Top Five Sales Challenges Costing MSPs Cybersecurity Revenue

The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 20301, with cybersecurity being the fastest-growing sector2. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to connect technical...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/01 9:56 a.m.8 views

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

The U.S. Department of Justice DoJ on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg , 40, of Georgia, and Kevin Martin , 36, of Texas, were accused of deploying th...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/01 9:43 a.m.10 views

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp ," which h...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/30 4:31 p.m.16 views

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/30 1:55 p.m.29 views

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online. Security is...

10CVSS8AI score0.99999EPSS
Exploits125
The Hacker News
The Hacker News
added 2026/04/30 12:36 p.m.21 views

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEPDOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batc...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/30 11:30 a.m.6 views

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center TRC in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/30 9:24 a.m.11 views

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

Cybersecurity researchers have disclosed details of a Linux local privilege escalation LPE flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 CVSS score: 7.8 has been codenamed Copy Fail by Xint.io and Theori. "An unprivilege...

7.8CVSS7.1AI score0.96267EPSS
Exploits329
The Hacker News
The Hacker News
added 2026/04/30 7:7 a.m.7 views

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an...

9.9CVSS7AI score0.0049EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/04/29 4:26 p.m.11 views

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calli...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/29 2:43 p.m.11 views

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model LLM. The package in question is "@validate-sdk/v2," which is listed on npm as a utility software development kit SDK...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/29 12:2 p.m.9 views

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/29 11:30 a.m.9 views

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, are we actually safer now?" Crickets. The room goes quiet because an honest answer requires contex...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/29 9:37 a.m.12 views

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions of cPanel and WebHost Manager WHM, according to an alert...

9.8CVSS6.3AI score0.981EPSS
Exploits64
The Hacker News
The Hacker News
added 2026/04/29 8:46 a.m.10 views

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...

8.4CVSS9.5AI score0.87624EPSS
Exploits8
The Hacker News
The Hacker News
added 2026/04/29 5:34 a.m.17 views

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as...

9.8CVSS6.2AI score0.86607EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/04/28 6:19 p.m.8 views

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 CVSS score: 8.7, is a...

8.8CVSS7.3AI score0.35858EPSS
Exploits5
Total number of security vulnerabilities20893