Lucene search
K

20899 matches found

The Hacker News
The Hacker News
added 2026/04/09 5:26 p.m.6 views

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit SDK called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/09 4:23 p.m.6 views

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations NGOs and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/09 12:57 p.m.10 views

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twic...

8.8CVSS7.5AI score0.96666EPSS
Exploits15
The Hacker News
The Hacker News
added 2026/04/09 11:31 a.m.7 views

The Hidden Security Risks of Shadow AI in Enterprises

As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/09 11:15 a.m.14 views

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact "Invoice540.pdf"...

9.6CVSS6.5AI score0.07086EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/04/09 10:40 a.m.4 views

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa MENA, according to findings from Access Now, Lookout, and SMEX. Two of the target...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/08 5:51 p.m.6 views

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Cybersecurity researchers have flagged a new variant ofmalware called Chaos that'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/08 4:30 p.m.9 views

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service DDoS attacks. Called Masjesu , the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range of...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/08 1:50 p.m.11 views

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

The Russian threat actor known as APT28 aka Forest Blizzard and Pawn Storm has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography, component object model COM...

8.8CVSS7.3AI score0.72152EPSS
Exploits12
The Hacker News
The Hacker News
added 2026/04/08 11:30 a.m.6 views

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/08 9:16 a.m.11 views

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Artificial Intelligence AI company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos , to find and address security vulnerabilities. The model will be used by a small set of organizations, including...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/08 7:47 a.m.6 views

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling ..., while quietly functioning as...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/08 4:23 a.m.11 views

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-affiliated cyber actors are targeting internet-facing operational technology OT devices across critical infrastructures in the U.S., including programmable logic controllers PLCs, cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC functionality,...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/07 4:48 p.m.10 views

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

The Russia-linked threat actor known as APT28 aka Forest Blizzard has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at...

6.5CVSS7AI score0.1745EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/04/07 4:29 p.m.7 views

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute , hundreds of applications within the typical enterprise...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/07 3:15 p.m.14 views

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins AuthZ under specific circumstances. The vulnerability, tracked as CVE-2026-34040 CVSS score: 8.8, stems from an incomplete fix for CVE-2024-41110, a...

9.9CVSS6.1AI score0.16496EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/04/07 12:46 p.m.12 views

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets,...

10CVSS7.6AI score0.99654EPSS
Exploits471
The Hacker News
The Hacker News
added 2026/04/07 11:30 a.m.5 views

The Hidden Cost of Recurring Credential Incidents

When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments, but that headline...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/07 8:38 a.m.6 views

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

New academic research has identified multiple RowHammer attacks against high-performance graphics processing units GPUs that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach , GDDRHammer, and GeForge. GPUBrea...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/07 6:35 a.m.19 views

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...

10CVSS7.4AI score0.99999EPSS
Exploits135
The Hacker News
The Hacker News
added 2026/04/07 5:56 a.m.14 views

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Threat actors are exploiting a maximum-severity security flaw in Flowise , an open-source artificial intelligence AI platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 CVSS score: 10.0, a code injection vulnerability that could result in remote cod...

10CVSS6.4AI score0.90183EPSS
Exploits25
The Hacker News
The Hacker News
added 2026/04/06 6:37 p.m.7 views

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/06 4:24 p.m.7 views

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Threat actors likely associated with the Democratic People's Republic of Korea DPRK have been observed using GitHub as command-and-control C2 infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/06 1:0 p.m.4 views

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/06 12:46 p.m.16 views

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What starts small can reach a lot of systems fast. New...

10CVSS6.1AI score0.99562EPSS
Exploits400
The Hacker News
The Hacker News
added 2026/04/06 11:45 a.m.7 views

How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers

The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat actor proved just how...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/06 10:7 a.m.5 views

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver BYOVD technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/06 6:59 a.m.5 views

BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks

Germany's Federal Criminal Police Office aka BKA or the Bundeskriminalamt has unmasked the real identities of two of the key figures associated with the now-defunct REvil aka Sodinokibi ransomware-as-a-service RaaS operation. One of the threat actors, who went by the alias UNKN , functioned as a...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/05 6:25 p.m.7 views

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea DPRK that began in the fall of 2025. The Solana-based...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/05 5:7 a.m.9 views

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/05 4:32 a.m.9 views

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 CVSS score: 9.1, has been described as a pre-authentication API access bypass leading to privilege escalation...

9.8CVSS7.6AI score0.94085EPSS
Exploits9
The Hacker News
The Hacker News
added 2026/04/03 5:34 p.m.9 views

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416 , a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich,...

10CVSS7.2AI score0.99359EPSS
Exploits18
The Hacker News
The Hacker News
added 2026/04/03 3:32 p.m.5 views

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/03 11:4 a.m.8 views

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering effor...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/03 11:0 a.m.8 views

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/03 9:10 a.m.8 views

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, su...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/03 8:35 a.m.7 views

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/02 7:30 p.m.18 views

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services AWS secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos...

10CVSS7.2AI score0.99562EPSS
Exploits374
The Hacker News
The Hacker News
added 2026/04/02 3:21 p.m.4 views

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released updates to address a critical security flaw in the Integrated Management Controller IMC that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked a...

9.8CVSS6.2AI score0.00991EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/04/02 12:45 p.m.10 views

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers...

9.8CVSS6.4AI score0.49424EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/04/02 11:42 a.m.7 views

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans RATs and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA Cost Per Action fraud, directing victims to...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/02 11:30 a.m.8 views

The State of Trusted Open Source Report

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/02 9:51 a.m.5 views

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/02 7:9 a.m.3 views

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 4:10 p.m.7 views

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

The Computer Emergency Response Team of Ukraine CERT-UA has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors, tracked as UAC-0255 , sent...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 2:10 p.m.5 views

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script VBS files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 12:46 p.m.4 views

Block the Prompt, Not the Work: The End of "Doctor No"

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 12:36 p.m.4 views

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro aka Metamorfo via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor track...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 11:42 a.m.16 views

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 CVSS score: N/A, concerns a use-after-free bug in Dawn, an open-source and...

8.8CVSS7.5AI score0.2202EPSS
Exploits13
The Hacker News
The Hacker News
added 2026/04/01 10:58 a.m.5 views

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate...

6.1AI score
Exploits0
Total number of security vulnerabilities20899