Lucene search
K

20902 matches found

The Hacker News
The Hacker News
added 2026/02/13 4:23 p.m.17 views

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base DIB sector, according to findings from Google Threat Intelligence Group GTIG. The tech giant's threat intelligence division...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 3:23 p.m.9 views

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019,...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 11:25 a.m.10 views

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters ID: jkphinfhmfkckkcnifhjiplhfoiefffl, is marketed as a way to scrape Meta...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 10:45 a.m.9 views

npm’s Update to Harden Their Supply Chain, and Points to Consider

In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 8:34 a.m.15 views

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support RS and Privileged Remote Access PRA products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan...

9.9CVSS10AI score0.8833EPSS
Exploits23
The Hacker News
The Hacker News
added 2026/02/12 5:57 p.m.11 views

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence AI model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber...

8.8CVSS8.1AI score0.80906EPSS
Exploits35
The Hacker News
The Hacker News
added 2026/02/12 4:55 p.m.12 views

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index PyPI repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/12 11:51 a.m.18 views

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how...

9.8CVSS10AI score0.98871EPSS
Exploits71
The Hacker News
The Hacker News
added 2026/02/12 10:30 a.m.9 views

The CTEM Divide: Why 84% of Security Programs Are Falling Behind

A new 2026 market intelligence study of 128 enterprise security decision-makers available here reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuou...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/12 7:32 a.m.16 views

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile EPMM can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitati...

10CVSS7.1AI score0.98871EPSS
Exploits77
The Hacker News
The Hacker News
added 2026/02/12 5:39 a.m.31 views

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 CVSS score: 7.8, has been described as a memory corruption issue in dyl...

8.8CVSS8.9AI score0.22721EPSS
Exploits16
The Hacker News
The Hacker News
added 2026/02/11 5:45 p.m.7 views

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fa...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/11 2:52 p.m.9 views

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/11 1:28 p.m.12 views

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypa...

9.9CVSS6.4AI score0.0049EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/02/11 11:30 a.m.8 views

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work ...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/11 10:22 a.m.12 views

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the...

8.8CVSS9.1AI score0.25835EPSS
Exploits9
The Hacker News
The Hacker News
added 2026/02/11 9:56 a.m.10 views

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat IRC communication protocol for command-and-control C2 purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners...

7.8CVSS6.3AI score0.21238EPSS
Exploits73
The Hacker News
The Hacker News
added 2026/02/11 6:50 a.m.10 views

North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/10 5:44 p.m.10 views

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

The information technology IT workers associated with the Democratic People's Republic of Korea DPRK are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme. "These profiles often have verified...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/10 2:36 p.m.15 views

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver BYOVD component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that...

5.7CVSS6.5AI score0.00275EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/02/10 1:59 p.m.15 views

From Ransomware to Residency: Inside the Rise of the Digital Parasite

Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/10 1:30 p.m.17 views

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643 , has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of...

9.8CVSS7AI score0.94085EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/02/10 11:40 a.m.9 views

ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security

January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm HH Capital, bringing ZAST.AI's total funding close to $10 million. This marks a recognition from leading capital markets of a new solution...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/10 10:24 a.m.15 views

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

SmarterTools confirmed last week that the Warlock aka Storm-2603 ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company's Chief...

10CVSS9.3AI score0.96268EPSS
Exploits18
The Hacker News
The Hacker News
added 2026/02/10 8:22 a.m.12 views

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

The Netherlands' Dutch Data Protection Authority AP and the Council for the Judiciary confirmed both agencies Rvdr have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile EPMM, according to a notice se...

9.8CVSS9AI score0.8404EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/02/09 5:1 p.m.9 views

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

The Cyber Security Agency CSA of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All...

8.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/09 2:42 p.m.12 views

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk WHD instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft...

9.8CVSS8.2AI score0.8833EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/02/09 12:59 p.m.16 views

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern...

9.9CVSS6.5AI score0.11737EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/02/09 11:23 a.m.12 views

How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/09 10:58 a.m.10 views

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/09 8:37 a.m.36 views

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Dock...

10CVSS6.2AI score0.99562EPSS
Exploits431
The Hacker News
The Hacker News
added 2026/02/09 8:3 a.m.12 views

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

BeyondTrust has released updates to address a critical security flaw impacting Remote Support RS and Privileged Remote Access PRA products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support RS and certain older versions of Privileged Remote Access...

9.9CVSS7.1AI score0.88115EPSS
Exploits11
The Hacker News
The Hacker News
added 2026/02/08 7:32 a.m.9 views

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw formerly Moltbot and Clawdbot has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/07 11:15 a.m.9 views

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Germany's Federal Office for the Protection of the Constitution aka Bundesamt für Verfassungsschutz or BfV and Federal Office for Information Security BSI have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/06 2:56 p.m.7 views

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle AitM framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/06 1:43 p.m.9 views

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

The U.S. Cybersecurity and Infrastructure Security Agency CISA has ordered Federal Civilian Executive Branch FCEB agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers OEMs over the...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/06 12:7 p.m.7 views

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/06 10:30 a.m.11 views

How Samsung Knox Helps Stop Your Network Security Breach

As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However and it’s a big “however”, the increasing use of mobile devices in...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/06 8:40 a.m.10 views

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index PyPI repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the tw...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/06 5:49 a.m.8 views

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Artificial intelligence AI company Anthropic revealed that its latest large language model LLM, Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thursday,...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/05 5:25 p.m.7 views

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

The distributed denial-of-service DDoS botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second Tbps and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number of...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/05 12:57 p.m.10 views

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions...

10CVSS7AI score0.00627EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/02/05 11:30 a.m.8 views

The Buyer’s Guide to AI Usage Control

Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy contro...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/05 10:25 a.m.12 views

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

The elusive Iranian threat group known as Infy aka Prince of Persia has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control C2 infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January...

8.8CVSS7.7AI score0.86192EPSS
Exploits43
The Hacker News
The Hacker News
added 2026/02/05 6:16 a.m.20 views

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 CVSS score: 9.4, is the result of inadequate sanitization that bypasse...

9.9CVSS7.9AI score0.97875EPSS
Exploits32
The Hacker News
The Hacker News
added 2026/02/05 4:56 a.m.28 views

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota BT in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated...

10CVSS7.4AI score0.99562EPSS
Exploits374
The Hacker News
The Hacker News
added 2026/02/04 5:52 p.m.23 views

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models LLMs and improve the overall trust in artificial intelligence AI systems. The tech giant's AI Security team said the scanner leverages three observable signals that ca...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/04 5:24 p.m.11 views

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEADVAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan RAT known as AsyncRAT. "The attack...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/04 2:9 p.m.9 views

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker...

8.8CVSS8.5AI score0.80906EPSS
Exploits35
The Hacker News
The Hacker News
added 2026/02/04 11:58 a.m.7 views

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over...

5.7AI score
Exploits0
Total number of security vulnerabilities20902