Lucene search
K

20901 matches found

The Hacker News
The Hacker News
added 2026/03/05 6:34 a.m.10 views

FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials

A joint law enforcement operation has dismantled LeakBase , one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice DoJ, had over 142,000 members and more than 215,000 messages between...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/04 5:21 p.m.14 views

149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict

Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, drivi...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/04 1:28 p.m.15 views

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google said it identified a "new and powerful" exploit kit dubbed Coruna aka CryptoWaters targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group GTIG said. It's...

9.3CVSS7.5AI score0.51517EPSS
Exploits16
The Hacker News
The Hacker News
added 2026/03/04 11:30 a.m.5 views

New RFP Template for AI Usage Control and AI Governance 

As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actuall...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/04 9:37 a.m.8 views

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan RAT that's functional on Windows, macOS, and Linux systems. The names of the packages are listed below - nhattuanbl/lara-helper...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/04 8:14 a.m.9 views

APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2

Cybersecurity researchers have disclosed details of an advanced persistent threat APT group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/04 4:35 a.m.9 views

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities KEV catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719...

8.1CVSS8AI score0.17424EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/03/03 5:15 p.m.9 views

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control C2 framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/03 2:30 p.m.9 views

Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow

Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive a...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/03 2:29 p.m.10 views

Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

The threat actor behind the recently disclosed artificial intelligence AI-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/03 11:30 a.m.13 views

AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged

The Rise of MCPs in the Enterprise The Model Context Protocol MCP is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automa...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/03 11:10 a.m.12 views

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication MFA protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/03 9:20 a.m.9 views

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/03 7:8 a.m.17 views

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited

Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 CVSS score: 7.8, a buffer over-read in the Graphics component. "Memory corruption when...

9.8CVSS7.6AI score0.01068EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/03/03 6:53 a.m.10 views

SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/02 5:8 p.m.11 views

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 CVSS score: 8.8, has been described as a case of...

8.8CVSS6.3AI score0.06545EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/03/02 4:52 p.m.10 views

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/02 1:26 p.m.26 views

⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More

This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points. The pattern becomes clear only...

10CVSS6.6AI score0.98871EPSS
Exploits111
The Hacker News
The Hacker News
added 2026/03/02 11:55 a.m.10 views

How to Protect Your SaaS from Bot Attacks with SafeLine WAF

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server cos...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/02 10:36 a.m.6 views

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 CVSS score: 8.8, a high-severity security feature bypass affecti...

8.8CVSS7.5AI score0.72152EPSS
Exploits12
The Hacker News
The Hacker News
added 2026/03/02 8:44 a.m.7 views

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actua...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/28 5:21 p.m.11 views

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence AI agent and take over control. "Our vulnerability lives in the core system itself – no plugins, no marketplace, no...

8.8CVSS6.6AI score0.04773EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/02/28 9:56 a.m.16 views

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/28 4:57 a.m.16 views

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence AI upstart as a "supply chain risk." "This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of o...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/27 6:11 p.m.11 views

DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

The U.S. Department of Justice DoJ this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/27 5:59 p.m.8 views

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in...

8.6CVSS6.6AI score0.84618EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/02/27 3:33 p.m.10 views

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github.com/xinfeisoft/crypto, impersonates the legitimate "golang.org/x/crypto" codebase, bu...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/27 12:43 p.m.9 views

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control C2 communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. T...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/27 10:6 a.m.9 views

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan RAT. "A malicious downloader staged a portable Java runtime and executed a malicious Java archive JAR file named...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/27 7:56 a.m.10 views

Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams

Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers' methods of payment have been suspended, related accounts have been disabled,...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/26 6:0 p.m.18 views

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control C2 infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for command-and-control, Aeternum stores it...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/26 3:17 p.m.6 views

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/26 2:28 p.m.16 views

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder...

10CVSS7.2AI score0.99654EPSS
Exploits66
The Hacker News
The Hacker News
added 2026/02/26 12:6 p.m.20 views

Expert Recommends: Prepare for PQC Right Now

Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex a...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/26 10:35 a.m.9 views

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. "The activity aligns with a broader cluster of threats that...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/26 10:9 a.m.11 views

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/26 6:13 a.m.19 views

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller formerly vSmart and Catalyst SD-WAN Manager formerly vManage has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 CVSS...

10CVSS7.2AI score0.57793EPSS
Exploits11
The Hacker News
The Hacker News
added 2026/02/25 5:46 p.m.13 views

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/25 5:0 p.m.10 views

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence AI-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms,...

8.8CVSS7.5AI score0.30227EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/02/25 3:6 p.m.7 views

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters SLH has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. T...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/25 2:30 p.m.8 views

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/25 12:43 p.m.9 views

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/25 11:0 a.m.9 views

Manual Processes Are Putting National Security at Risk

Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and governme...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/25 8:49 a.m.9 views

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guil...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/25 7:4 a.m.10 views

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access...

10CVSS6.9AI score0.99614EPSS
Exploits10
The Hacker News
The Hacker News
added 2026/02/25 5:23 a.m.11 views

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 CVSS v4 score: 8.7, is a case of...

8.8CVSS6.5AI score0.04974EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/02/24 6:52 p.m.8 views

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence AI-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patche...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/24 2:21 p.m.11 views

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/24 11:58 a.m.9 views

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem

Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/24 11:52 a.m.11 views

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

The North Korea-linked Lazarus Group aka Diamond Sleet and Pompilus has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it...

5.8AI score
Exploits0
Total number of security vulnerabilities20901