Lucene search
K

20893 matches found

The Hacker News
The Hacker News
•added 2026/06/03 4:40 p.m.•17 views

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in...

8.8CVSS5.8AI score0.01286EPSS
Exploits4
The Hacker News
The Hacker News
•added 2026/06/03 4:30 p.m.•17 views

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The...

9.8CVSS6.9AI score0.27546EPSS
Exploits1
The Hacker News
The Hacker News
•added 2026/06/03 4:29 p.m.•17 views

Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick...

5.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/03 2:56 p.m.•21 views

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That is a question abo...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/03 2:56 p.m.•13 views

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse t...

7.7CVSS5.8AI score0.00249EPSS
Exploits0
The Hacker News
The Hacker News
•added 2026/06/03 11:58 a.m.•13 views

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/03 10:18 a.m.•12 views

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool's ms-screensketch: URI handler, the newly flagged issue resides in the...

4.3CVSS5.8AI score0.03447EPSS
Exploits5
The Hacker News
The Hacker News
•added 2026/06/03 8:33 a.m.•49 views

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...

7.5CVSS6AI score0.48438EPSS
Exploits3
The Hacker News
The Hacker News
•added 2026/06/03 6:16 a.m.•22 views

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service MaaS campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active...

6.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/02 6:46 p.m.•25 views

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 CVSS score: 8.4, the security flaw h...

8.4CVSS6.2AI score0.01714EPSS
Exploits1
The Hacker News
The Hacker News
•added 2026/06/02 6:21 p.m.•25 views

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR,...

8.8CVSS6.5AI score0.80906EPSS
Exploits35
The Hacker News
The Hacker News
•added 2026/06/02 6:14 p.m.•42 views

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 CVSS score: 7.5, allows an...

7.5CVSS6AI score0.49689EPSS
Exploits3
The Hacker News
The Hacker News
•added 2026/06/02 11:58 a.m.•31 views

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/02 10:30 a.m.•18 views

How Leading Organizations Are Turning EDR Into Operational Resilience

Most organizations now recognize that endpoint protection alone is no longer sufficient. That's why adoption of endpoint detection and response EDR has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/02 9:5 a.m.•12 views

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing delivery - a ZIP...

6AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/02 3:55 a.m.•53 views

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an "external" threat actor launched a brute-force attack agains...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/01 5:40 p.m.•21 views

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma , has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of...

6AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/01 1:59 p.m.•24 views

⚔ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI loweri...

9.1CVSS7.2AI score0.86678EPSS
Exploits11
The Hacker News
The Hacker News
•added 2026/06/01 11:54 a.m.•38 views

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial...

6.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/01 11:30 a.m.•29 views

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor....

5.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/01 9:31 a.m.•132 views

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting ove...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/06/01 8:45 a.m.•16 views

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites. WP Maps Pro allows site owners to embed customizable Google Map...

9.8CVSS5.7AI score0.09461EPSS
Exploits7
The Hacker News
The Hacker News
•added 2026/05/31 12:22 p.m.•20 views

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center NCSC, consisted of at lea...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/30 6:41 a.m.•18 views

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 CVSS score: 7.8, refers to a case of authentication bypass that could be exploited b...

9.1CVSS5.9AI score0.86678EPSS
Exploits11
The Hacker News
The Hacker News
•added 2026/05/29 6:7 p.m.•40 views

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence AI assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhi...

6.6AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/29 2:39 p.m.•23 views

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model LLM agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an...

9.8CVSS8.1AI score0.95645EPSS
Exploits11
The Hacker News
The Hacker News
•added 2026/05/29 11:31 a.m.•22 views

New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone,...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/29 10:30 a.m.•14 views

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/29 9:11 a.m.•26 views

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk"...

6AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/29 5:57 a.m.•20 views

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The North Korean state-sponsored threat actor known as Kimsuky aka Velvet Chollima has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering tactics, such as...

6AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/28 5:24 p.m.•31 views

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/28 3:26 p.m.•21 views

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server EMS deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer. "The campaign abused trusted endpoint management infrastructure to deliver malware...

9.8CVSS6.2AI score0.88505EPSS
Exploits8
The Hacker News
The Hacker News
•added 2026/05/28 1:53 p.m.•22 views

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure CVD, urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a...

7.8CVSS6.6AI score0.63076EPSS
Exploits6
The Hacker News
The Hacker News
•added 2026/05/28 1:33 p.m.•20 views

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta now - meanwhile...

9.8CVSS6.5AI score0.01456EPSS
Exploits1
The Hacker News
The Hacker News
•added 2026/05/28 11:30 a.m.•31 views

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

State of AI Usage Report 2026 full report here by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/28 7:54 a.m.•21 views

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social engineering...

6AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/27 4:10 p.m.•28 views

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That's according to new findings from WatchGuard and ESET, which have observed the two malware families being used t...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/27 3:44 p.m.•27 views

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/27 1:28 p.m.•24 views

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/27 11:48 a.m.•27 views

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

6.2AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/27 11:45 a.m.•24 views

3 SOC Steps that Shut Down Incident Risks Early

Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and quietly accumulat...

6AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/27 10:6 a.m.•28 views

Gitea Vulnerability Exposes Private Container Images without Authentication

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The...

5.8AI score0.40738EPSS
Exploits1
The Hacker News
The Hacker News
•added 2026/05/27 7:45 a.m.•18 views

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence AI chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and increases the...

8.8CVSS7.8AI score0.64987EPSS
Exploits7
The Hacker News
The Hacker News
•added 2026/05/26 3:48 p.m.•25 views

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financia...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/26 11:58 a.m.•21 views

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back

Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence AI tools to make their attacks faster, stronger, and much harder to stop. According to...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/26 11:49 a.m.•29 views

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659 , carries a CVSS score of 8.8. It has been...

8.8CVSS6.6AI score0.03219EPSS
Exploits4
The Hacker News
The Hacker News
•added 2026/05/26 10:30 a.m.•28 views

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

Multi-factor authentication MFA was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal...

5.9AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/26 9:13 a.m.•22 views

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team CERT-In has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse ...

5.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/26 7:13 a.m.•27 views

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

The Iranian state-sponsored threat actor known as Nimbus Manticore aka Screening Serpens and UNC1549 has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli...

6.1AI score
Exploits0
The Hacker News
The Hacker News
•added 2026/05/26 5:19 a.m.•27 views

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System LMS popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as...

7.5CVSS6.5AI score0.01008EPSS
Exploits0
Total number of security vulnerabilities20893