Lucene search
K

20902 matches found

The Hacker News
The Hacker News
added 2026/02/24 11:52 a.m.11 views

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

The North Korea-linked Lazarus Group aka Diamond Sleet and Pompilus has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/24 9:54 a.m.13 views

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and...

9.3CVSS7.6AI score0.93289EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/02/24 6:4 a.m.10 views

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence AI companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/23 7:41 p.m.10 views

APT28 Targeted European Entities Using Webhook-Based Macro Malware

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/23 5:59 p.m.16 views

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated,...

10CVSS7.2AI score0.99562EPSS
Exploits375
The Hacker News
The Hacker News
added 2026/02/23 1:0 p.m.25 views

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and ev...

10CVSS7.2AI score0.93289EPSS
Exploits32
The Hacker News
The Hacker News
added 2026/02/23 11:58 a.m.9 views

How Exposed Endpoints Increase Risk Across LLM Infrastructure

As more organizations run their own Large Language Models LLMs, they are also deploying more internal services and Application Programming Interfaces APIs to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/23 10:20 a.m.17 views

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORMMODE by supply...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/23 7:25 a.m.17 views

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

The Iranian hacking group known as MuddyWater aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST has targeted several organizations and individuals mainly located across the Middle East and North Africa MENA region as part of a new campaign codenamed Operation Olalampo. The activity, first observe...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/21 2:49 p.m.25 views

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence AI services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it...

9.8CVSS9.1AI score0.88193EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/02/21 7:58 a.m.12 views

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Artificial intelligence AI company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security , is currently available in a limited research preview to...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/21 7:21 a.m.14 views

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 CVSS...

9.9CVSS9.4AI score0.94741EPSS
Exploits30
The Hacker News
The Hacker News
added 2026/02/21 4:30 a.m.8 views

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security

With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker CEH credential and a globa...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/20 3:45 p.m.12 views

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support RS and Privileged Remote Access PRA products to conduct a wide range of malicious actions, including deploying VShell and Spark RAT. The vulnerability, tracked as...

9.9CVSS8.2AI score0.88115EPSS
Exploits16
The Hacker News
The Hacker News
added 2026/02/20 2:20 p.m.10 views

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

In yet another software supply chain attack, the open-source, artificial intelligence AI-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM P...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/20 11:55 a.m.9 views

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan RAT called MIMICRAT aka AstarionRAT. "The campaign demonstrates a high level of operational sophistication: compromised...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/20 10:30 a.m.11 views

Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026

With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene,...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/20 9:52 a.m.9 views

Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case

A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology IT worker scheme. In November 2025, Oleksandr "Alexander" Didenko pleaded guilty to wire fraud conspiracy and aggravated identity...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/20 8:5 a.m.8 views

FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025

The U.S. Federal Bureau of Investigation FBI has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025. The agency said 1,900 ATM jackpotting incidents have been reported since 2020, out of which 700 took place last year. In...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/20 5:27 a.m.11 views

Former Google Engineers Indicted Over Trade Secret Transfers to Iran

Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjav...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/19 5:52 p.m.9 views

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence AI chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/19 5:50 p.m.10 views

INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown

An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/19 5:40 p.m.10 views

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need...

8.8CVSS6AI score0.00803EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/02/19 2:35 p.m.19 views

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact...

9.8CVSS10AI score0.8404EPSS
Exploits14
The Hacker News
The Hacker News
added 2026/02/19 11:55 a.m.11 views

From Exposure to Exploitation: How AI Collapses Your Response Window

We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a "temporary" API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay do...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/19 10:24 a.m.11 views

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover DTO attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activit...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/19 8:13 a.m.10 views

CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware

Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST , likely targeting supporters of Iran's ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit TRU said it observed the activity after January 9, with the...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/18 5:30 p.m.10 views

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody

New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society. The...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/18 4:35 p.m.12 views

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329 , carries a CVSS score of 9.3 out of a maximum of 10.0. It has been...

9.3CVSS7.5AI score0.40014EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/02/18 1:16 p.m.8 views

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code VS Code extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively...

9.1CVSS6.6AI score0.00639EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/02/18 11:58 a.m.12 views

Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability

In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state ...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/18 10:32 a.m.12 views

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group GTIG. The activity...

10CVSS7.5AI score0.13131EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/02/18 10:30 a.m.8 views

3 Ways to Start Your Intelligent Workflow Program

Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/18 7:40 a.m.25 views

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...

7.7CVSS7.1AI score0.01268EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/02/18 6:52 a.m.11 views

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 CVSS score: 8.8 - A use-after-free...

9.8CVSS10AI score0.85416EPSS
Exploits22
The Hacker News
The Hacker News
added 2026/02/17 7:8 p.m.6 views

Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster

Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotat...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/17 6:8 p.m.10 views

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Cybersecurity researchers have disclosed that artificial intelligence AI assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control C2 relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/17 4:41 p.m.11 views

Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates

A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu , in the firmware of devices associated with...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/17 12:42 p.m.9 views

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol MCP server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Serv...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/17 11:30 a.m.7 views

My Day Getting My Hands Dirty with an NDR System

My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response NDR system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Securi...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/17 9:31 a.m.9 views

Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations

New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence AI chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning SEO. The new AI hijacking technique has been...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/17 6:44 a.m.8 views

Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption E2EE in Rich Communications Services RCS messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/16 6:43 p.m.7 views

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw formerly Clawdbot and Moltbot configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/16 6:6 p.m.10 views

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/16 12:55 p.m.19 views

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, moder...

10CVSS7.9AI score0.88115EPSS
Exploits51
The Hacker News
The Hacker News
added 2026/02/16 11:55 a.m.9 views

Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud

Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for such a country as Lithuania, as well. From e-signatures to digital health records, the country depends on secure...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/16 10:24 a.m.51 views

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/16 6:38 a.m.8 views

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 CVSS score: 8.8, has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim...

8.8CVSS7AI score0.2202EPSS
Exploits16
The Hacker News
The Hacker News
added 2026/02/15 2:10 p.m.15 views

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System DNS lookup to retrieve the next-stage payload. Specifically, the attack relies on using the "nslooku...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 5:27 p.m.14 views

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group GTIG described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have...

6AI score
Exploits0
Total number of security vulnerabilities20902