Lucene search
K

20902 matches found

The Hacker News
The Hacker News
added 2026/01/27 9:1 a.m.9 views

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control C2 framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicious...

6.5CVSS7.4AI score0.99595EPSS
Exploits14
The Hacker News
The Hacker News
added 2026/01/26 5:1 p.m.9 views

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit TRU, involves using phishing emails impersonating the Income Tax Department ...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/26 3:43 p.m.18 views

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code VS Code extensions that are advertised as artificial intelligence AI-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5...

9.8CVSS6.2AI score0.01023EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/01/26 11:55 a.m.33 views

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week's recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. "Patched" no longer means safe, and every...

10CVSS6.8AI score0.98871EPSS
Exploits135
The Hacker News
The Hacker News
added 2026/01/26 11:30 a.m.9 views

Winning Against AI-Based Attacks Requires a Combined Defensive Approach

If there's a constant in cybersecurity, it's that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google's Threat Intelligence Group, recently reported on adversaries using Large Language Models LLMs to both conceal...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/26 8:54 a.m.12 views

Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence AI tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary'...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/24 11:9 a.m.10 views

Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign," Fortinet FortiGuard Labs...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/24 8:21 a.m.14 views

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December 2025. The attack was unsuccessful, the country's energy minister, Milosz Motyka, said last week. "The...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/24 8:20 a.m.7 views

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?”...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/24 8:9 a.m.14 views

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerability ...

9.8CVSS7AI score0.54143EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/23 3:24 p.m.14 views

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 CVSS score: 8.8 - A PHP remote fi...

9.2CVSS6.5AI score0.83479EPSS
Exploits17
The Hacker News
The Hacker News
added 2026/01/23 12:30 p.m.13 views

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device th...

9.8CVSS5.8AI score0.66322EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/01/23 11:30 a.m.8 views

TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/23 11:18 a.m.7 views

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management RMM software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/23 8:25 a.m.10 views

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle AitM phishing and business email compromise BEC campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/22 6:0 p.m.13 views

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leveraged a malicious driver called POORTRY as part of a known technique referred to as bring your own...

9.8CVSS8.8AI score0.95355EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/01/22 4:30 p.m.9 views

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

A critical security flaw has been disclosed in the GNU InetUtils telnet daemon telnetd that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061 , is rated 9.8 out of 10.0 on the CVSS scoring system. It affects all versions of GNU InetUtils from version 1.9.3 up to and...

9.8CVSS6.6AI score0.98871EPSS
Exploits62
The Hacker News
The Hacker News
added 2026/01/22 2:23 p.m.27 views

ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories

Most of this week's threats didn't rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers no...

10CVSS10AI score0.03001EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/01/22 11:30 a.m.10 views

Filling the Most Common Gaps in Google Workspace Security

Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incide...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/22 10:4 a.m.8 views

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

A new malicious package discovered in the Python Package Index PyPI has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev , mimics SymPy, replicating the latter's projec...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/22 9:46 a.m.16 views

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on...

10CVSS7.1AI score0.96268EPSS
Exploits18
The Hacker News
The Hacker News
added 2026/01/22 5:55 a.m.22 views

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaig...

9.8CVSS5.9AI score0.66322EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/01/22 4:6 a.m.14 views

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications CM products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild. The vulnerability, CVE-2026-20045 CVSS...

10CVSS6.7AI score0.2906EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/01/21 5:17 p.m.9 views

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence AI, cryptocurrency, financial services, IT services, marketing, and software...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/21 3:42 p.m.8 views

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service DoS and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers MMRs that could permit a meeting...

9.9CVSS7AI score0.12965EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/21 11:58 a.m.9 views

Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff

Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding "CISO-level protection" at SMB budgets. The truth? Most MSSPs are running harder, not smarter. And it's breaking their margins. That's where the quiet revolution is...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/21 10:30 a.m.9 views

Exposure Assessment Platforms Signal a Shift in Focus

Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry's collective "to-do list" has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms EAP category is a formal admissio...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/21 9:10 a.m.10 views

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

Security vulnerabilities were uncovered in the popular open-source artificial intelligence AI framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively...

8.3CVSS6.3AI score0.08843EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/01/21 8:55 a.m.11 views

VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code

The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence AI model. That's according to new findings from Check Point Research, which identified operational security blunder...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/21 6:40 a.m.28 views

LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords

LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenan...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/21 6:4 a.m.11 views

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 CVSS score: 6.5, affects all versions of the module prior to version 2.3.0, whic...

6.5CVSS6.8AI score0.00505EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/20 6:41 p.m.14 views

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code VS Code projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/20 1:55 p.m.16 views

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol MCP server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. "These flaws can be exploited through prom...

6.5CVSS7.2AI score0.07822EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/20 1:46 p.m.8 views

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan RAT. The activity delivers "weaponized files via Dynamic Link Library DLL sideloading, combined wit...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/20 11:58 a.m.11 views

The Hidden Risk of Orphan Accounts

The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go - but their accounts often remain. These abandoned or “orphan” accounts sit dormant across applications, platforms, assets, and cloud consoles. The reason they persi...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/20 11:48 a.m.13 views

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code VS Code extension ecosystem. "The malware is designed to exfiltrate sensitive informatio...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/20 11:12 a.m.16 views

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment ACME validation logic that made it possible to bypass security controls and access origin servers. "The vulnerability was rooted in how our edge network processed requests destined for the...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/20 10:45 a.m.7 views

Why Secrets in JavaScript Bundles are Still Being Missed

Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder's research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/20 7:40 a.m.10 views

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegr...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/19 5:21 p.m.41 views

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism. The vulnerability, Miggo Security's Head of Research, Liad...

9.2CVSS7.7AI score0.00537EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/19 1:17 p.m.74 views

⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can...

10CVSS9.9AI score0.99999EPSS
Exploits142
The Hacker News
The Hacker News
added 2026/01/19 11:55 a.m.8 views

DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses

Just a few years ago, the cloud was touted as the "magic pill" for any cyber threat or performance issue. Many were lured by the "always-on" dream, trading granular control for the convenience of managed services. In recent years, many of us have learned often the hard way that public cloud servi...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/19 11:31 a.m.11 views

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. The security flaw, codenamed StackWarp , can allow bad actors with privileged control over a host server to run malicious cod...

6.5CVSS6.6AI score0.01018EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/01/19 9:9 a.m.5 views

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web browser and trick victims into running arbitrary commands using ClickFix-like lures to deliver a...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/19 6:53 a.m.9 views

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

Cybersecurity researchers have disclosed a cross-site scripting XSS vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By exploiting it, we...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/17 4:26 p.m.19 views

Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice

Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service RaaS group Black Basta. In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov Нефедов Олег Евгеньевич...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/17 8:34 a.m.5 views

OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans

OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence AI company expanded access to its low-cost subscription globally. "You need to know that your data and conversations...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/16 5:59 p.m.8 views

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript aka JScript malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique," Expel security...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/16 2:9 p.m.8 views

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources HR and enterprise resource planning ERP platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts. "The extensions work in concert to...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/16 10:42 a.m.10 views

Your Digital Footprint Can Lead Right to Your Front Door

You lock your doors at night. You avoid sketchy phone calls. You're careful about what you post on social media. But what about the information about you that's already out there—without your permission? Your name. Home address. Phone number. Past jobs. Family members. Old usernames. It's all sti...

6.8AI score
Exploits0
Total number of security vulnerabilities20902