Lucene search
K

20893 matches found

The Hacker News
The Hacker News
added 2026/06/17 6:14 p.m.30 views

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hu...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/17 5:36 p.m.18 views

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 CVSS score: 7.8, with the tech giant describing it as a privilege escalation flaw. "Microsoft is...

7.8CVSS6AI score0.03391EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/17 4:0 p.m.17 views

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim's machine, building ...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/17 2:58 p.m.18 views

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It's validation. Security teams must decide which findings warrant action while operating under constant pressure and incomplete informatio...

5.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/17 1:51 p.m.19 views

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence AI provider keys. "Every plugin poses as an AI coding assistant built on DeepSeek and other lar...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/17 12:36 p.m.21 views

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 CVSS score: 7.8, with the tech giant describing it as a privilege escalation flaw. "Microsoft is...

7.8CVSS5.6AI score0.03391EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/17 10:30 a.m.17 views

The Top 10 Attack Surface Exposures in 2026

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/17 7:38 a.m.29 views

145 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 145 npm packages associated with the Mastra namespace "@mastra/", a popular open-source JavaScript and TypeScript framework for building artificial intelligence AI applications, have been compromised as part of a software supply chain attack codenamed easy-day-js , per findings from...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/17 5:50 a.m.14 views

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor JCE to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...

10CVSS6.2AI score0.80425EPSS
Exploits19
The Hacker News
The Hacker News
added 2026/06/16 7:5 p.m.10 views

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty...

7.7CVSS5.6AI score0.00438EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/06/16 5:41 p.m.18 views

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader , Lorem Ipsum Loader , and Potemkin , per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/16 1:10 p.m.24 views

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla , that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/16 11:30 a.m.10 views

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive

Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/16 10:30 a.m.44 views

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours...

9.8CVSS6.6AI score0.48668EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/06/16 9:44 a.m.17 views

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WINDRV and WINPLUS," ESET said in a report shared with The Hacker News. "Both come with ...

6.7CVSS8.6AI score0.10561EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/16 8:14 a.m.17 views

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

The North Korean state-sponsored hacking group known as ScarCruft aka APT37 has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new malware called NarwhalRAT. "The attack email contained a message impersonating an MS account security...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/16 6:5 a.m.13 views

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262 , carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of Cisco Catalyst SD-WAN...

6.5CVSS5.8AI score0.07683EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/06/16 5:41 a.m.12 views

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 18, 2026. The vulnerability in questi...

8.5CVSS5.5AI score0.01261EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/06/15 7:44 p.m.22 views

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/15 7:32 p.m.20 views

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/15 4:39 p.m.18 views

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one...

8.8CVSS6AI score0.00739EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/06/15 3:9 p.m.14 views

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link...

7.5CVSS5.7AI score0.0764EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/15 1:49 p.m.23 views

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten...

8.8CVSS7.4AI score0.01654EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/06/15 11:30 a.m.17 views

The Onboarding Password Mistake That Creates Unnecessary Risk

Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The issue is that these...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/15 11:7 a.m.27 views

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program PUP family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins.com,...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/15 9:59 a.m.14 views

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage , OptinMonster , and TrustPulse , turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker'...

8.1CVSS6.2AI score0.03578EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/06/15 6:30 a.m.13 views

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake offers, including...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/15 6:17 a.m.24 views

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 CVSS score: 7.8, an authentication bypass flaw...

9.1CVSS6.1AI score0.86678EPSS
Exploits11
The Hacker News
The Hacker News
added 2026/06/13 1:23 p.m.28 views

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

9.8CVSS6.6AI score0.88171EPSS
Exploits5
The Hacker News
The Hacker News
added 2026/06/13 5:42 a.m.20 views

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals

Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence AI models, Claude Fable 5 and Mythos 5 , for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/12 7:33 p.m.33 views

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Attackers took over more than 400 packages in the Arch User Repository AUR this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/12 6:59 p.m.19 views

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing

Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence AI agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/12 6:17 p.m.40 views

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant , says it backdoored the PAM and OpenSSH components that decide who is allowed to sign i...

6.7CVSS5.8AI score0.04271EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/06/12 12:4 p.m.27 views

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence AI coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted usi...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/12 11:0 a.m.17 views

Rethinking MDR as Attackers and Defenders Embrace AI

For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape ha...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/12 9:50 a.m.11 views

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent...

7.8CVSS7.9AI score0.05219EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/06/12 8:52 a.m.22 views

INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator

An INTERPOL-led operation last month resulted in the disruption of Sniper Dz , a decade-long phishing-as-a-service PhaaS platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/12 6:38 a.m.16 views

Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs

Authorities in Europe have disrupted AudiA6 , a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in illicit profits." T...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/11 8:29 p.m.23 views

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity...

9.8CVSS6.6AI score0.9233EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/06/11 5:46 p.m.20 views

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/11 5:43 p.m.12 views

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

Security researcher Chaotic Eclipse aka Nightmare-Eclipse and MSNightmare has released a new Windows BitLocker bypass dubbed GreatXML , a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in...

6.8CVSS6.4AI score0.01249EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/06/11 4:50 p.m.22 views

The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service RaaS schemes like LockBit aka Tenacious Mantis...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/11 1:26 p.m.17 views

Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories

Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/11 1:20 p.m.14 views

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real...

8.7CVSS6.9AI score0.00542EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/11 11:30 a.m.18 views

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.

For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/11 9:45 a.m.23 views

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/11 6:23 a.m.22 views

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/10 4:8 p.m.15 views

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

Cybersecurity researchers have warned of a "resurgence and expansion" of JDY , a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO small office and home office and IoT devices and operates as a centrally controlled, high-performanc...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/10 3:10 p.m.19 views

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox...

10CVSS9.6AI score0.99041EPSS
Exploits8
The Hacker News
The Hacker News
added 2026/06/10 3:0 p.m.17 views

Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE

A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence AI applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 CVSS score: 8.8, a case of path...

8.8CVSS6.1AI score0.31405EPSS
Exploits4
Total number of security vulnerabilities20893