Lucene search
K

20902 matches found

The Hacker News
The Hacker News
added 2026/01/16 10:27 a.m.7 views

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/16 7:18 a.m.23 views

China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusion

A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837 , assessed it to be a China-nexus advanced persistent threat APT actor with medium...

9CVSS6.8AI score0.30809EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/01/16 5:38 a.m.9 views

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced...

10CVSS7.8AI score0.2906EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/01/15 7:31 p.m.16 views

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in Amazon Web Services AWS CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk. The vulnerability has been codenamed CodeBreach by cloud security...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/15 3:31 p.m.11 views

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 CVSS score: 10.0, has been described as a case of unauthenticated privilege escalation impacting all...

10CVSS6.9AI score0.20631EPSS
Exploits8
The Hacker News
The Hacker News
added 2026/01/15 3:9 p.m.9 views

Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot

Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence AI chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely. "Only a single...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/15 1:56 p.m.10 views

ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before...

9.8CVSS8.2AI score0.06867EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/01/15 11:55 a.m.5 views

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models. Two Chrome extensions posing as AI helpers were recently...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/15 11:0 a.m.5 views

4 Outdated Habits Destroying Your SOC's MTTR in 2026

It's 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts' needs, staggering investigations and...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/15 9:37 a.m.6 views

Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud

Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses. The effort, per the tech giant, is part of a broader law enforcement effort in...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/15 8:18 a.m.8 views

Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login

Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept PoC exploit. The vulnerability, tracked as CVE-2026-0227 CVSS score: 7.7, has been described as a denial-of-service DoS...

6.8AI score0.00674EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/14 7:3 p.m.7 views

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control C2 nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/14 3:7 p.m.13 views

AI Agents Are Becoming Authorization Bypass Paths

Not long ago, AI agents were harmless. They wrote snippets of code. They answered questions. They helped individuals move a little faster. Then organizations got ambitious. Instead of personal copilots, companies started deploying shared organizational AI agents - agents embedded into HR, IT,...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/14 2:18 p.m.14 views

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that's exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers. "Attackers achieve...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/14 11:53 a.m.12 views

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system OS injection vulnerability, tracked as CVE-2025-64155 , is rated 9.4 out of 10.0 on the CVSS...

9.8CVSS9AI score0.42649EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/01/14 11:0 a.m.10 views

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/14 9:38 a.m.11 views

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities...

8.8CVSS9.2AI score0.06545EPSS
Exploits10
The Hacker News
The Hacker News
added 2026/01/14 7:5 a.m.11 views

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service DoS condition. "Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion wi...

6.8AI score0.03782EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/01/14 5:48 a.m.10 views

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

The Computer Emergency Response Team of Ukraine CERT-UA has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian hacking group tracked as Void...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/13 5:30 p.m.13 views

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. "Enterprise organizations that are clients of these...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/13 5:22 p.m.2 views

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that's capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange CEX available in over 170 countries, while masquerading as a tool to automate trading on the platform. The...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/13 1:44 p.m.6 views

[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl

AI agents are no longer just writing code. They are executing it. Tools like Copilot, Claude Code, and Codex can now build, test, and deploy software end-to-end in minutes. That speed is reshaping engineering—but it's also creating a security gap most teams don't see until something breaks. Behin...

9.6CVSS7.9AI score0.76637EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/13 11:57 a.m.11 views

New Advanced Linux VoidLink Malware Targets Cloud and container Environments

Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed VoidLink that's specifically designed for long-term, stealthy access to Linux-based cloud environments According to a new report from Check Point Research, the cloud-native...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/13 11:55 a.m.6 views

What Should We Learn From How Attackers Leveraged AI in 2025?

Old Playbook, New Scale:While defenders are chasing trends, attackers are optimizing the basics The security industry loves talking about "new" threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/13 11:47 a.m.9 views

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420 ,...

10CVSS7.6AI score0.4549EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/13 9:8 a.m.14 views

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOWREACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. "The infection chain follows a...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/13 7:15 a.m.9 views

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities KEV catalog. The vulnerability, tracked as CVE-2025-8110 CVSS score: 8.7, relates to a case of path...

8.8CVSS8.2AI score0.7654EPSS
Exploits19
The Hacker News
The Hacker News
added 2026/01/12 4:39 p.m.26 views

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers' OAuth credentials. One such package, named "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit," mimics a Google Ads...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/12 1:41 p.m.29 views

⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More

This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn't need novel tricks. They used what was already exposed and moved in without resistance. Scale amplified...

10CVSS8.8AI score0.97875EPSS
Exploits80
The Hacker News
The Hacker News
added 2026/01/12 10:48 a.m.8 views

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that's capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers. "The current wave of campaigns is driven b...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/12 8:37 a.m.8 views

Anthropic Launches Claude AI for Healthcare with Secure Health Record Access

Anthropic has become the latest Artificial intelligence AI company to announce a new suite of features that allows users of its Claude platform to better understand their health information. Under an initiative called Claude for Healthcare , the company said U.S. subscribers of Claude Pro and Max...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/12 7:34 a.m.9 views

Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud

Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service PBaaS economy. At least since 2016, Chinese-speaking criminal groups have erected industrial-scale scam cente...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/10 10:35 a.m.23 views

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. "The campaign uses icon spoofing and malicious Word documents to deliver...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/10 8:59 a.m.4 views

Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/09 5:43 p.m.19 views

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024. Cybersecurity firm Huntress, which observed the activity in December 2025 and...

9.3CVSS8.7AI score0.01676EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/09 3:28 p.m.18 views

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. Th...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/09 11:9 a.m.16 views

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can't)

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn't a lack of forecasts—it's identifying which predictions reflect real, emerging risks and which can safely be...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/09 10:1 a.m.9 views

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-69258 , carries a CVSS score of 9.8 out ...

9.8CVSS8.3AI score0.0322EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/01/09 9:11 a.m.11 views

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday said it's retiring 10 emergency directives Eds that were issued between 2019 and 2024. The list of the directives now considered closed is as follows - ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/09 5:46 a.m.7 views

FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

The U.S. Federal Bureau of Investigation FBI on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. "As of 2025, Kimsuky actors have targeted think tanks, academic...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/08 5:10 p.m.13 views

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. "The malware retrieves the...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/08 2:54 p.m.10 views

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/08 12:49 p.m.10 views

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before...

9.8CVSS9.9AI score0.99813EPSS
Exploits29
The Hacker News
The Hacker News
added 2026/01/08 11:50 a.m.8 views

The State of Trusted Open Source

Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/08 10:44 a.m.10 views

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Cisco has released updates to address a medium-severity security flaw in Identity Services Engine ISE and ISE Passive Identity Connector ISE-PIC with a public proof-of-concept PoC exploit. The vulnerability, tracked as CVE-2026-20029 CVSS score: 4.9, resides in the licensing feature and could all...

5.8CVSS6.7AI score0.05638EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/01/08 10:31 a.m.4 views

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named "wenmoonx."...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/08 9:53 a.m.8 views

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 CVSS score: 10.0...

9.9CVSS7.9AI score0.0376EPSS
Exploits12
The Hacker News
The Hacker News
added 2026/01/08 6:57 a.m.10 views

OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

Artificial intelligence AI company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/08 4:52 a.m.12 views

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise HPE OneView to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities are listed bel...

10CVSS8.5AI score0.89733EPSS
Exploits13
The Hacker News
The Hacker News
added 2026/01/07 5:19 p.m.6 views

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access,...

7.2AI score
Exploits0
Total number of security vulnerabilities20902