Category: Hacker News

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

December 3, 2025
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts

December 3, 2025
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud

December 3, 2025
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

December 3, 2025
Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar

Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar

December 3, 2025
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

December 3, 2025
Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage

Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage

December 3, 2025
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

December 3, 2025
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

December 2, 2025
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

December 2, 2025
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

December 2, 2025
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

December 2, 2025
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

December 2, 2025
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

December 2, 2025
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

December 2, 2025
India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud

India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud

December 1, 2025
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

December 1, 2025
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More

December 1, 2025
Webinar: The “Agentic” Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams

Webinar: The “Agentic” Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams

December 1, 2025
New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control

December 1, 2025
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

December 1, 2025
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

November 30, 2025
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

November 28, 2025
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

November 28, 2025
Why Organizations Are Turning to RPAM

Why Organizations Are Turning to RPAM

November 28, 2025
MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

November 28, 2025
Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

November 27, 2025
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

November 27, 2025
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

November 27, 2025
Gainsight Expands Impacted Customer List Following Salesforce Security Alert

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

November 27, 2025
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

November 20, 2025
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

November 20, 2025
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

November 20, 2025
New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

November 20, 2025
Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

November 20, 2025
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

November 20, 2025
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

November 20, 2025
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

November 19, 2025
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

November 19, 2025
WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

November 19, 2025
Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

November 19, 2025
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

November 19, 2025
EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

November 19, 2025
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

November 19, 2025
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

November 18, 2025
Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

November 18, 2025
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

November 18, 2025
Researchers Detail Tuoni C2’s Role in an Attempted 2025 Real-Estate Cyber Intrusion

Researchers Detail Tuoni C2’s Role in an Attempted 2025 Real-Estate Cyber Intrusion

November 18, 2025
Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale

Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale

November 18, 2025
Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities

Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities

November 18, 2025