Lucene search
K

20893 matches found

The Hacker News
The Hacker News
added 2026/06/26 9:27 a.m.24 views

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says. The company has not attributed the activity to a known threat...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/26 8:49 a.m.14 views

Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff

Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. The finding, published June 25 by the Citizen La...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/26 7:15 a.m.13 views

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the...

8.8CVSS7.4AI score0.80906EPSS
Exploits35
The Hacker News
The Hacker News
added 2026/06/25 2:12 p.m.49 views

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube, has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extensio...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/25 12:24 p.m.9 views

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishing pipes because apparently email was...

6.5AI score0.0059EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/06/25 11:17 a.m.17 views

Surviving the Mythos Era: Richard Bejtlich on the Case for NDR

Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering these questions requires teams to go...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/25 9:23 a.m.27 views

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence AI tools and trick it into aborting or refusing an analysis of the artifact. The malware has been codenamed...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/25 8:54 a.m.17 views

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black's Threat Hunter Team, the...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/25 5:46 a.m.9 views

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 CVSS score: 7.8...

7.8CVSS6.6AI score0.25323EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/06/24 5:19 p.m.17 views

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 26, 2026. The vulnerability in question...

9.8CVSS7.5AI score0.00889EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/06/24 3:59 p.m.9 views

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly lines' cybercriminals...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/24 12:48 p.m.22 views

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/24 11:30 a.m.18 views

Dawn of the Apex Agentic Adversary

We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months later, a fix was deploye...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/24 8:55 a.m.9 views

DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering

The U.S. Department of Justice DoJ on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/24 6:50 a.m.10 views

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager Unified CM and Unified Communications Manager Session Management Edition Unified CM SME. The vulnerability, tracked as CVE-2026-20230 CVSS score: 8.6, is a case of improp...

8.6CVSS7.7AI score0.41694EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/06/23 6:20 p.m.53 views

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

A Russian-speaking initial access broker IAB driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/23 3:16 p.m.61 views

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/23 3:16 p.m.9 views

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/23 2:22 p.m.20 views

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pullrequesttarget workflow" trigger to run malicious code with the workflow's full privileges. Effective June 18, 2026, the latest version o...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/23 11:30 a.m.22 views

Agentic AI: The Weapon That No Longer Needs a Warrior

Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man's death a quarter mile beyond his sight, and the aircraft carried that death across oceans. At each turn, the distance...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/23 8:54 a.m.16 views

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan RAT. The list of identified packages, is below - aes-decode-runner-pro 145 downloads postcss-minify-selector 256 downloads postcss-minify-selector-parser 615...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/23 5:38 a.m.28 views

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script VBScript files that lead to the installation of legitimate Remote Monitoring and Management RMM software. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsA...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/23 3:56 a.m.12 views

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence AI company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software...

7.5CVSS6.1AI score0.07237EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/22 6:0 p.m.11 views

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline, injecting backdoor code into Pro...

7.5CVSS6.2AI score0.00387EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/06/22 4:29 p.m.20 views

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/22 4:13 p.m.11 views

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence AI conversions from other customers' applications without requiring...

9.4CVSS6.3AI score0.00509EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/06/22 1:20 p.m.60 views

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidenc...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/22 12:45 p.m.35 views

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries

Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal install...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/22 11:58 a.m.10 views

Stop Your Legacy Infrastructure from Hijacking Your AI Agents

Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving faster than security...

10CVSS7AI score0.99945EPSS
Exploits47
The Hacker News
The Hacker News
added 2026/06/22 10:55 a.m.19 views

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Weak credentials,...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/22 9:11 a.m.26 views

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/22 6:57 a.m.26 views

AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network

A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin's XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The distinction matters...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/22 6:6 a.m.24 views

INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific

A new report from INTERPOL has revealed a "dramatic increase" in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL's 2025/2026 Asia and Sou...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/20 9:56 a.m.16 views

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 CVSS score: 5.3, is a medium-severity information disclosure flaw that can allow unauthenticated attackers ...

7.5CVSS5.9AI score0.39704EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/06/19 6:37 p.m.14 views

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8 , that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/19 6:33 p.m.12 views

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

The Gentlemen ransomware-as-a-service RaaS operation is actively developing and maintaining a suite of endpoint detection and response EDR killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is center...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/19 3:30 p.m.30 views

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web page, and that page's JavaScript can reach a privileged local service on the same machine and spawn a...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/19 3:7 p.m.18 views

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites

Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. "With these actions we deprive cybercriminals of access to infected computer...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/19 2:0 p.m.20 views

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/19 11:58 a.m.18 views

From Assistive to Agentic: The AI Shift That's Redefining Threat Management

Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in siloes, generating overlapping alerts and data. And yet, breach dwell times remain stubbornly long 43 days,...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/19 10:30 a.m.20 views

Forget Data Leakage: Shadow AI's Real Threat Is Access Control

The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time. It doesn't fit the problem anymore...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/19 9:3 a.m.31 views

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/19 6:36 a.m.15 views

Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone

Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 CVSS score: 8.8, refers to a case of incorrect authorization impacting the Airoha Bluetooth...

8.8CVSS6.2AI score0.04372EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/18 5:32 p.m.15 views

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 CVSS v4 score: 9.2 - A use-after-free vulnerability in the ngxhttpv3module that...

9.2CVSS6.8AI score0.03459EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/06/18 3:33 p.m.25 views

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network

If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no. The rush to adopt internal AI tools has left a massive trail of administrative debt:...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/18 3:27 p.m.15 views

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attacke...

10CVSS9.3AI score0.57793EPSS
Exploits10
The Hacker News
The Hacker News
added 2026/06/18 2:30 p.m.15 views

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign codenamed CryptoBandits that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. "The clipper in th...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/18 2:12 p.m.28 views

INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023

Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service RaaS operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. "The disruption of LockBit and the shutdown of BlackCat created...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/18 1:58 p.m.21 views

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/18 1:30 p.m.9 views

DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic

Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan RAT called Backdoor.Turn to conceal command-and-control C2 traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned Symantec and Carbon...

5.5CVSS6.7AI score0.00275EPSS
Exploits2
Total number of security vulnerabilities20893