Lucene search
K

20893 matches found

The Hacker News
The Hacker News
added 2026/05/25 2:13 p.m.28 views

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago. Good times...

7.1CVSS7AI score0.0138EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/05/25 12:2 p.m.32 views

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 CVSS score: 9.4, an SQL injection vulnerability in...

9.4CVSS6.5AI score0.69996EPSS
Exploits7
The Hacker News
The Hacker News
added 2026/05/25 11:30 a.m.28 views

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response NDR and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positive...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/25 9:32 a.m.26 views

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/25 5:59 a.m.29 views

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor , spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22,...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/23 4:35 p.m.29 views

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/23 4:7 p.m.21 views

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json,"...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/23 11:55 a.m.54 views

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is a defensive...

9.3CVSS6.7AI score0.00468EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/23 9:51 a.m.22 views

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/23 7:35 a.m.22 views

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 CVSS score: 10.0, relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts...

10CVSS6.1AI score0.18914EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/23 7:23 a.m.23 views

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 CVSS score: 6.5, an...

9.8CVSS6.8AI score0.84631EPSS
Exploits14
The Hacker News
The Hacker News
added 2026/05/22 5:35 p.m.19 views

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network VPN service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/22 4:20 p.m.23 views

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor known as Ghostwriter aka UAC-0057 and UNC1151 has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine CERT-UA,...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/22 11:55 a.m.23 views

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities build-bot, auto-ci, ci-bot, pipeline-bot, the attacke...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/22 11:38 a.m.21 views

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/22 8:50 a.m.19 views

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice DoJ on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service DDoS botnet known as Kimwolf. In tandem, Jacob Butler aka Dort, 23, Ottawa, Canada, has been charged with offenses related to the developmen...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/22 5:47 a.m.23 views

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below -...

9.4CVSS8.1AI score0.7889EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/05/22 5:36 a.m.16 views

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 CVSS score: 10.0, the vulnerability arises from insufficient validation and authentication when...

10CVSS5.9AI score0.00835EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/21 2:17 p.m.23 views

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux systems, capable...

9.8CVSS7.4AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2026/05/21 11:52 a.m.21 views

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. The...

6.4AI score0.00079EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/05/21 10:55 a.m.25 views

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091 , is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM...

7.8CVSS6.7AI score0.63076EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/05/21 10:30 a.m.21 views

When Identity is the Attack Path

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/21 7:35 a.m.21 views

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 CVSS score: 5.5, is a case of improper privilege management that could permit an unprivileged local user to disclose...

7.1CVSS6.1AI score0.0138EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/05/21 4:27 a.m.54 views

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code VS Code extension. The development comes as the Nx team revealed that the extensio...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/21 3:44 a.m.19 views

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 o...

6.5CVSS6.4AI score0.84631EPSS
Exploits14
The Hacker News
The Hacker News
added 2026/05/20 5:6 p.m.19 views

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence AI agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and securi...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 2:36 p.m.33 views

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 12:51 p.m.22 views

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control C2 or C&C communications. Webworm, first publicly documented by Broadcom-owned Symantec ...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 11:58 a.m.17 views

Agent AI is Coming. Are You Ready?

New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter" the unseen, unmanaged elements of identity now overshadows the visible elements 57% vs. 43%. And it couldn't have...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 11:38 a.m.26 views

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact to customer...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 10:30 a.m.18 views

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a use...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 8:28 a.m.17 views

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585 , carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. "Microsoft is...

6.8CVSS5.8AI score0.01249EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/05/20 5:12 a.m.15 views

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along wi...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/19 4:38 p.m.14 views

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-contr...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/19 2:56 p.m.17 views

DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability

Proof-of-concept PoC exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation LPE. Dubbed DirtyDecrypt aka DirtyCBC, the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026,...

7.5CVSS5.9AI score0.00817EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/05/19 11:30 a.m.16 views

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service PhaaS platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/19 10:44 a.m.14 views

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days," the...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/19 9:23 a.m.17 views

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These vulnerabilities could ha...

10CVSS6.8AI score0.17015EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/05/19 7:49 a.m.13 views

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code VS Code Marketplace. The extension in question is rwl.angular-console version 18.95.0, a popular user interface and plugin for code editors like VS Code,...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/19 5:28 a.m.18 views

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper , to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/19 4:54 a.m.19 views

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer account atool, includin...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/18 5:21 p.m.16 views

INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests

INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa MENA that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region, aiming to investigate and neutralize...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/18 1:50 p.m.20 views

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency c...

8.1CVSS6.5AI score0.0564EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/18 1:0 p.m.17 views

How to Reduce Phishing Exposure Before It Turns into Business Disruption

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/18 11:23 a.m.12 views

Developer Workstations Are Now Part of the Software Supply Chain

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/18 10:54 a.m.31 views

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction CVE-2026-8043, CVSS score: 9.6 that could be...

9.8CVSS6.7AI score0.00869EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/05/18 8:57 a.m.22 views

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept PoC for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma , th...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/18 8:57 a.m.17 views

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte 825 Downloads @deadcode09284814/axios-util 284 Downloads...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/18 6:46 a.m.16 views

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/17 11:57 a.m.23 views

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

A newly disclosed security flaw impacting NGINX Plus and NGINX Open Source has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 CVSS score: 9.2, is a heap buffer overflow in ngxhttprewritemodule...

9.2CVSS7.9AI score0.61469EPSS
Exploits40
Total number of security vulnerabilities20893