Lucene search
K

20900 matches found

The Hacker News
The Hacker News
added 2026/03/23 1:14 p.m.14 views

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down...

10CVSS7.4AI score0.98191EPSS
Exploits54
The Hacker News
The Hacker News
added 2026/03/23 11:55 a.m.7 views

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/23 10:55 a.m.4 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/23 8:31 a.m.10 views

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4,...

9.4CVSS6.2AI score0.60368EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/03/23 6:15 a.m.7 views

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance SMA, according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consiste...

10CVSS6AI score0.02417EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/03/21 1:17 p.m.8 views

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications CMAs like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/21 10:24 a.m.6 views

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992 , carries a CVSS score of 9.8 out of a maximum of 10.0. "This...

9.8CVSS8.1AI score0.88312EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/03/21 8:25 a.m.8 views

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/21 8:25 a.m.18 views

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities KEV catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under...

10CVSS7.5AI score0.99803EPSS
Exploits21
The Hacker News
The Hacker News
added 2026/03/20 5:47 p.m.6 views

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/20 3:15 p.m.6 views

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 CVSS score: 9.3, is a case of missing...

9.8CVSS8.6AI score0.9999EPSS
Exploits52
The Hacker News
The Hacker News
added 2026/03/20 10:57 a.m.11 views

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/20 10:0 a.m.5 views

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Artificial Intelligence AI is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/20 9:30 a.m.8 views

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/20 6:25 a.m.8 views

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

The U.S. Department of Justice DoJ on Thursday announced the disruption of command-and-control C2 infrastructure used by several Internet of Things IoT botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/20 5:16 a.m.10 views

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/19 7:16 p.m.8 views

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/19 6:52 p.m.7 views

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

A new analysis of endpoint detection and response EDR killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver BYOVD by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/19 2:25 p.m.11 views

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits fe...

9.8CVSS6.7AI score0.99999EPSS
Exploits42
The Hacker News
The Hacker News
added 2026/03/19 12:43 p.m.10 views

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover DTO and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/19 10:58 a.m.5 views

How Ceros Gives Security Teams Visibility and Control in Claude Code

Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's AI coding agent, is now running acros...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/19 9:14 a.m.8 views

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group GTIG, iVerify, and Lookout. According to GTIG, multiple commercial surveillance vendors...

8.8CVSS7.9AI score0.22721EPSS
Exploits16
The Hacker News
The Hacker News
added 2026/03/19 6:5 a.m.10 views

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite ZCS and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities in...

10CVSS7.5AI score0.57793EPSS
Exploits14
The Hacker News
The Hacker News
added 2026/03/18 5:26 p.m.8 views

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea DPRK information technology IT worker scheme with an aim to defraud U.S. businesses and generate illicit...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/18 4:0 p.m.10 views

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center FMC Software. The vulnerability in question is CVE-2026-20131 CVSS score: 10.0, a case of insecure...

10CVSS7.1AI score0.27551EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/03/18 12:30 p.m.20 views

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE

Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon telnetd that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746 , carries a CVSS score...

9.8CVSS8.5AI score0.98871EPSS
Exploits69
The Hacker News
The Hacker News
added 2026/03/18 11:58 a.m.9 views

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/18 11:42 a.m.9 views

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

Cybersecurity researchers have warned about the risks posed by low-cost IP KVM Keyboard, Video, Mouse over Internet Protocol devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium , span four different products from GL-iNet...

9.8CVSS6.8AI score0.01424EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/03/18 10:30 a.m.11 views

Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels

Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand context: Q: Which exposures, misconfigurations, and vulnerabilities chain together to create viable...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/18 8:8 a.m.18 views

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 CVSS score: 7.8, the issue could allow an attacker to seize control of a susceptible system. "This flaw...

7.8CVSS6.3AI score0.00383EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/03/18 6:31 a.m.22 views

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 CVSS score: N/A, has been described as a cross-origin issue in WebKit's Navigation API that could be...

8.8CVSS6AI score0.10593EPSS
Exploits16
The Hacker News
The Hacker News
added 2026/03/17 4:39 p.m.10 views

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence AI code execution environments using domain name system DNS queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's...

9.8CVSS7.8AI score0.01534EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/03/17 2:34 p.m.4 views

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure fro...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/17 11:30 a.m.8 views

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/17 9:53 a.m.9 views

Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/17 5:23 a.m.7 views

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-47813 CVSS score: 4.3, is an information...

10CVSS7.9AI score0.95343EPSS
Exploits24
The Hacker News
The Hacker News
added 2026/03/16 7:37 p.m.7 views

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/16 2:17 p.m.24 views

⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More

Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real...

9.9CVSS7.8AI score0.6906EPSS
Exploits43
The Hacker News
The Hacker News
added 2026/03/16 11:58 a.m.4 views

Why Security Validation Is Becoming Agentic

If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest engagement, or maybe an automated pentesting product, in another. A vulnerability scanner feeding an attack surface management platform somewhe...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/16 11:41 a.m.6 views

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands –...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/16 9:7 a.m.7 views

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted b...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/16 5:43 a.m.8 views

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is testing a new security feature as part of Android Advanced Protection Mode AAPM that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week. AAPM was introduced by Google ...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/14 4:17 p.m.10 views

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China's National Computer Network Emergency Response Technical Team CNCERT has issued a warning about the security risks stemming from the use of OpenClaw formerly Clawdbot and Moltbot, an open-source and self-hosted autonomous artificial intelligence AI agent. In a post shared on WeChat, CNCERT...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/14 12:55 p.m.9 views

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/13 5:33 p.m.9 views

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware

A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087 , where CL refers to cluster, and...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/13 5:9 p.m.11 views

Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026

Meta has announced plans to discontinue support for end-to-end encryption E2EE for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said ...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/13 3:20 p.m.7 views

INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime

INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effor...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/13 1:38 p.m.10 views

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network VPN clients distributed through search engine optimization SEO poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/13 1:28 p.m.10 views

Investigating a New Click-Fix Variant

Disclaimer : This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/13 9:17 a.m.7 views

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2026-3909 CVSS score: 8.8 - An out-of-bounds write vulnerability in the Skia 2D graphi...

8.8CVSS6.7AI score0.2202EPSS
Exploits13
Total number of security vulnerabilities20900