Lucene search
K

20902 matches found

The Hacker News
The Hacker News
added 2026/02/04 10:0 a.m.8 views

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/04 7:42 a.m.13 views

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/04 6:26 a.m.10 views

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code VS Code extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/04 5:50 a.m.15 views

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk WHD to its Known Exploited Vulnerabilities KEV catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 CVSS score...

9.8CVSS9.4AI score0.84618EPSS
Exploits12
The Hacker News
The Hacker News
added 2026/02/03 4:41 p.m.13 views

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence AI assistant built into Docker Desktop and the Docker Command-Line Interface CLI, that could be exploited to execute code and exfiltrate sensitive data. The critical...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/03 2:14 p.m.10 views

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress. Every vendor promises “complete coverage” or “AI-powered automation,” but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/03 2:0 p.m.17 views

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnChecksaid it first observed exploitation of CVE-2025-11953 aka Metro4Shell on December 21, 2025. With a...

9.8CVSS6.6AI score0.62378EPSS
Exploits5
The Hacker News
The Hacker News
added 2026/02/03 11:0 a.m.16 views

When Cloud Outages Ripple Across the Internet

Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/03 9:12 a.m.11 views

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

The Russia-linked state-sponsored threat actor known as APT28 aka UAC-0001 has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the...

7.8CVSS8.3AI score0.72152EPSS
Exploits12
The Hacker News
The Hacker News
added 2026/02/03 5:39 a.m.8 views

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence GenAI features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/03 4:55 a.m.19 views

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/02 5:49 p.m.13 views

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/02 4:28 p.m.16 views

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity security flaw has been disclosed in OpenClaw formerly referred to as Clawdbot and Moltbot that could allow remote code execution RCE through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 CVSS score: 8.8, has been addressed in version 2026.1.29 released on...

8.8CVSS6.9AI score0.08016EPSS
Exploits5
The Hacker News
The Hacker News
added 2026/02/02 3:59 p.m.9 views

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

Microsoft has announced a three-phase approach to phase out New Technology LAN Manager NTLM as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its plans to deprecate the legacy...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/02 11:59 a.m.29 views

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident show...

9.9CVSS9.5AI score0.96742EPSS
Exploits62
The Hacker News
The Hacker News
added 2026/02/02 11:45 a.m.8 views

Securing the Mid-Market Across the Complete Threat Lifecycle

For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/02 8:55 a.m.17 views

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved an infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/02 5:47 a.m.10 views

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. "Malicious updates were distributed through eScan'...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/02 5:4 a.m.6 views

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/31 12:2 p.m.6 views

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/31 7:58 a.m.15 views

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing aka vishing and bogus...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/31 7:5 a.m.11 views

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant CHP supplying heat to almost half a million customers in...

7.2CVSS5.9AI score0.00666EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/30 1:42 p.m.11 views

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker ID: pnpchphmplpdimbllknjoiopmfphellj, which...

6.1CVSS6.9AI score0.01004EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/01/30 12:8 p.m.15 views

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services IIS servers located across Asia, bu...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/30 11:30 a.m.12 views

Badges, Bytes and Blackmail

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification ...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/30 7:35 a.m.9 views

Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup

A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice DoJ announced Thursday. Linwei Ding aka Leon Ding, 38, was convicted by a federal jury on seven counts of economic...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/30 7:9 a.m.14 views

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423 , carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to...

9.8CVSS9.2AI score0.96268EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/01/30 4:43 a.m.14 views

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile EPMM that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency CISA to its Known Exploited Vulnerabilities KEV...

9.8CVSS8.1AI score0.8404EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/01/29 6:37 p.m.13 views

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence AI deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/29 1:1 p.m.21 views

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

This week's updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories point to the same trend: familiar tools being used in unexpected ways...

10CVSS7.4AI score0.99562EPSS
Exploits381
The Hacker News
The Hacker News
added 2026/01/29 11:55 a.m.8 views

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology OT networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues...

7.8CVSS6.1AI score0.74323EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/01/29 10:30 a.m.8 views

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage. That's why for CISOs, it's key to prioritize decisions that reduce dwell time and protect their company...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/29 9:0 a.m.17 views

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution RCE. The list of vulnerabilities is as follows - CVE-2025-40536 CV...

9.8CVSS8.1AI score0.93299EPSS
Exploits12
The Hacker News
The Hacker News
added 2026/01/29 7:16 a.m.12 views

Google Disrupts IPIDEA — One of the World's Largest Residential Proxy Networks

Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world. To that end, the company said it took legal action to take down dozens of domains used to control devices and proxy traffi...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/28 5:46 p.m.18 views

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code VS Code extension for Moltbot formerly Clawdbot on the official Extension Marketplace that claims to be a free artificial intelligence AI coding assistant, but stealthily drops a malicious payload on compromised...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/28 4:6 p.m.8 views

Russia-Aligned ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM. Operational technology OT cybersecurity company Dragos, in a new intelligence brief published Tuesday,...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/28 12:43 p.m.12 views

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog Security Research team, are listed below - CVE-2026-1470 CVSS score: 9.9 -...

10CVSS7AI score0.71647EPSS
Exploits21
The Hacker News
The Hacker News
added 2026/01/28 11:55 a.m.8 views

From Triage to Threat Hunts: How AI Accelerates SecOps

If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the "Autonomous SOC" and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoff...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/28 11:50 a.m.13 views

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709 , carries a CVSS score of 9.8 out of 10.0 on...

10CVSS7.5AI score0.72087EPSS
Exploits17
The Hacker News
The Hacker News
added 2026/01/28 11:40 a.m.6 views

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints. The activity has been attributed to Mustang Panda aka Earth Preta, Fireant, HoneyMyte,...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/28 10:30 a.m.7 views

Password Reuse in Disguise: An Often-Missed Risky Workaround

When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remain...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/28 9:46 a.m.12 views

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...

8.8CVSS7.7AI score0.86192EPSS
Exploits43
The Hacker News
The Hacker News
added 2026/01/28 9:30 a.m.22 views

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Cybersecurity researchers have discovered two malicious packages in the Python Package Index PyPI repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan RAT. The packages, named spellcheckerpy and spellcheckpy , are no longer available on PyPI, but...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/28 4:49 a.m.18 views

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 CVSS score: 9.4, has been described as an authentication bypass related to FortiOS single...

9.8CVSS6.1AI score0.85844EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/27 4:54 p.m.12 views

WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware

Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/27 4:45 p.m.6 views

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/27 2:38 p.m.8 views

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization App-V script to distribute an information stealer called Amatera. "Instead of launching PowerShell directly, the attacker uses this scri...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/27 11:50 a.m.9 views

CTEM in Practice: Prioritization, Validation, and Outcomes That Matter

Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It's not only about what could go wrong vulnerabilities or who might attack threats, but where they intersect in your actual environment to create real, exploitable exposure. Which exposures...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/27 10:37 a.m.31 views

Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509 , carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office...

7.8CVSS6AI score0.72152EPSS
Exploits12
The Hacker News
The Hacker News
added 2026/01/27 10:36 a.m.11 views

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 CVSS score: 9.1, has been codenamed Cellbreak by Cyera Research Lab...

9.9CVSS6.8AI score0.12685EPSS
Exploits4
Total number of security vulnerabilities20902