Lucene search
K

20893 matches found

The Hacker News
The Hacker News
added 2026/05/17 7:13 a.m.16 views

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no customer data or personal information was accessed during this incident, and we have...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/16 3:20 p.m.14 views

Funnel Builder Flaw Exploited to Enable WooCommerce Checkout Skimming

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/15 5:10 p.m.76 views

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer P2P botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency CISA, is assess...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/15 1:35 p.m.19 views

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data...

9.6CVSS6.3AI score0.02442EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/05/15 11:0 a.m.19 views

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

In Your Biggest Security Risk Isn't Malware — It's What You Already Trust , we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your I...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/15 10:54 a.m.15 views

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/15 6:19 a.m.44 views

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 CVSS score: 8.1, has been described as a spoofing bug stemming from a cross-site scriptin...

8.1CVSS5.9AI score0.0564EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/05/15 5:28 a.m.13 views

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

The U.S.Cybersecurity and Infrastructure Security Agency CISA on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to remediate the issue by May 17...

10CVSS6.5AI score0.88496EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/05/14 5:45 p.m.17 views

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182 , carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisc...

10CVSS5.9AI score0.88496EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/05/14 5:22 p.m.20 views

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - [email protected] [email protected]...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/14 4:7 p.m.11 views

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago...

9.8CVSS7.1AI score0.32074EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/05/14 2:0 p.m.14 views

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particular...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/14 11:40 a.m.15 views

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI , an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 CVSS score: 7.3, a case of missing...

7.3CVSS5.8AI score0.26799EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/05/14 11:30 a.m.14 views

How AI Hallucinations Are Creating Real Security Risks

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/14 9:25 a.m.16 views

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework CTFMON. The security defects have been codenamed YellowKe...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/14 7:6 a.m.16 views

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation LPE vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia , the security...

6AI score0.03663EPSS
Exploits11
The Hacker News
The Hacker News
added 2026/05/14 6:0 a.m.23 views

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngxhttprewritemodule...

9.2CVSS6.8AI score0.61469EPSS
Exploits40
The Hacker News
The Hacker News
added 2026/05/13 1:46 p.m.42 views

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has unveiled a new multi-model artificial intelligence AI-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for m ulti-mod el a gentic s canning h...

9.8CVSS7.1AI score0.5585EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/05/13 1:0 p.m.14 views

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-hig...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/13 11:52 a.m.18 views

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piec...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/13 11:30 a.m.22 views

Most Remediation Programs Never Confirm the Fix Actually Worked

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/13 10:36 a.m.17 views

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low ...

10CVSS6.7AI score0.72253EPSS
Exploits36
The Hacker News
The Hacker News
added 2026/05/13 8:8 a.m.11 views

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed for mass developer...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/13 6:55 a.m.14 views

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacy-preserving forensics logging to allow for...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/12 4:44 p.m.17 views

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent MTA designed for Unix-like systems to receive, route, and deliver email. The...

9.8CVSS6.5AI score0.01225EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/05/12 2:47 p.m.9 views

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems , the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on RubyGems right now," Maciej Mensfeld, senior product manager for...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/12 12:50 p.m.14 views

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network TON for command-and-control C2. The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/12 11:58 a.m.14 views

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/12 11:46 a.m.26 views

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP , the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to inclu...

9.6CVSS6AI score0.02342EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/05/12 10:30 a.m.21 views

Why Agentic AI Is Security's Next Blind Spot

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/12 7:37 a.m.12 views

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/12 6:55 a.m.14 views

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

OpenAI has launched Daybreak , a new cybersecurity initiative that brings together frontier artificial intelligence AI model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/12 5:18 a.m.17 views

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption E2EE to Rich Communication Services RCS in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users runnin...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/11 6:30 p.m.18 views

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa1c16 that was published on December 17, 2025 or previously," th...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/11 5:54 p.m.15 views

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A threat actor named MrRot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager WHM that could result ...

9.8CVSS6.2AI score0.981EPSS
Exploits64
The Hacker News
The Hacker News
added 2026/05/11 3:45 p.m.18 views

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence AI system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/11 12:36 p.m.14 views

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One...

9.8CVSS6.9AI score0.32074EPSS
Exploits6
The Hacker News
The Hacker News
added 2026/05/11 11:30 a.m.28 views

Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room

Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that's longer than the exploitation window itself. Nobody in that...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/11 7:5 a.m.15 views

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/10 12:41 p.m.18 views

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as...

9.1CVSS6.9AI score0.01001EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/05/09 7:16 a.m.13 views

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager WHM that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows - CVE-2026-29201 CVSS score: 4.3 - An insufficient input...

8.8CVSS6.3AI score0.0083EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/05/08 6:12 p.m.15 views

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/08 3:8 p.m.31 views

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps hav...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/08 2:1 p.m.14 views

One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches

The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly impossible to spot...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/08 11:0 a.m.17 views

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

A previously undocumented Linux implant codenamed Quasar Linux RAT QLNX is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/08 10:30 a.m.13 views

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk

The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across liv...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/08 8:41 a.m.35 views

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module PAM-based post-exploitation toolkit...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/08 5:12 a.m.31 views

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions

Details have emerged about a new, unpatched local privilege escalation LPE vulnerability impacting the Linux kernel. Dubbed Dirty Frag , it has been described as a successor to Copy Fail CVE-2026-31431, CVSS score: 7.8, a recently disclosed LPE flaw impacting the Linux kernel that has since come...

8.8CVSS7.8AI score0.96267EPSS
Exploits259
The Hacker News
The Hacker News
added 2026/05/07 5:55 p.m.12 views

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile EPMM has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 CVSS score: 7.2, is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0....

8.8CVSS6.3AI score0.34454EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/05/07 5:45 p.m.13 views

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, productivity, and...

5.8AI score
Exploits0
Total number of security vulnerabilities20893