Lucene search
K

20902 matches found

The Hacker News
The Hacker News
added 2026/04/01 12:36 p.m.4 views

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro aka Metamorfo via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor track...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 11:42 a.m.16 views

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 CVSS score: N/A, concerns a use-after-free bug in Dawn, an open-source and...

8.8CVSS7.5AI score0.2202EPSS
Exploits13
The Hacker News
The Hacker News
added 2026/04/01 10:58 a.m.5 views

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 7:44 a.m.6 views

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analy...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/01 6:12 a.m.7 views

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence AI coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/31 6:28 p.m.6 views

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesi...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/31 4:3 p.m.10 views

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 CVSS score: 7.8, a lack of integrity...

7.8CVSS6.3AI score0.0575EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/03/31 1:9 p.m.5 views

Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence AI agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/31 11:50 a.m.4 views

The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority

The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/31 11:46 a.m.4 views

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messengers, video conferencing tools,...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/31 6:8 a.m.26 views

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/30 6:5 p.m.7 views

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel,...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/30 3:47 p.m.3 views

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captur...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/30 1:56 p.m.16 views

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everythi...

10CVSS7.4AI score0.99997EPSS
Exploits124
The Hacker News
The Hacker News
added 2026/03/30 1:0 p.m.6 views

3 SOC Process Fixes That Unlock Tier 1 Productivity

What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier ...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/30 12:18 p.m.4 views

Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut LNK files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables" to...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/30 11:30 a.m.5 views

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated.GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year an...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/30 7:0 a.m.4 views

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN aka USBFect, MISTCLOAK...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/28 3:40 p.m.8 views

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation FBI, and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website th...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/28 9:11 a.m.9 views

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 CVSS score: 9.3, refers to a case of insufficient input validation leading to...

9.8CVSS7.3AI score0.99999EPSS
Exploits41
The Hacker News
The Hacker News
added 2026/03/28 7:7 a.m.22 views

TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/28 7:7 a.m.8 views

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager APM to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 CVSS v4...

9.8CVSS6.6AI score0.02213EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/03/27 5:22 p.m.9 views

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software,...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/27 4:53 p.m.11 views

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index PyPI repository on March...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/27 1:57 p.m.10 views

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code VS Code extension to pass the vetting process and go live in the registry. "The pipeline had a single boolea...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/27 12:3 p.m.5 views

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using adversary-in-the-middle AitM phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actor...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/27 11:0 a.m.8 views

We Are At War

Rising geopolitical tensions are reflected or in some cases preceded by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it. Introduction: One tech power to rule them all is a thing of the past The relative safety, peace and prosperity that...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/27 10:4 a.m.4 views

Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy also known as...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/27 8:7 a.m.8 views

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build...

9.8CVSS6.2AI score0.9999EPSS
Exploits61
The Hacker News
The Hacker News
added 2026/03/26 5:40 p.m.8 views

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/26 1:12 p.m.5 views

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky. A control exist...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/26 1:11 p.m.13 views

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the user wrote them,...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/26 11:58 a.m.4 views

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso,...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/26 11:45 a.m.8 views

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in this one, too. Weird delivery...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/26 11:7 a.m.7 views

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks

The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. "When Coruna was first...

7.8CVSS7.3AI score0.51517EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/03/26 6:53 a.m.4 views

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/25 5:35 p.m.8 views

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspe...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/25 2:26 p.m.5 views

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan RAT, which deploys an information-stealing Google Chrome extension masquerading as an offline version of...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/25 11:58 a.m.6 views

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/25 11:52 a.m.7 views

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

The U.S. Department of Justice DoJ said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/25 11:34 a.m.10 views

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, wit...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/25 7:11 a.m.12 views

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

The U.S. Federal Communications Commission FCC said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/24 6:21 p.m.10 views

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors,...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/24 5:5 p.m.8 views

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/24 4:36 p.m.5 views

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the shor...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/24 4:35 p.m.8 views

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/24 12:1 p.m.7 views

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills

Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/24 12:0 p.m.4 views

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/24 10:38 a.m.12 views

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company...

9.4CVSS6.4AI score0.60368EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/03/24 6:49 a.m.6 views

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years 81 months in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Departme...

5.8AI score
Exploits0
Total number of security vulnerabilities20902