Category: Hacker News

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

June 4, 2026
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

June 3, 2026
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

June 3, 2026
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

June 3, 2026
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

June 3, 2026
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

June 3, 2026
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

June 3, 2026
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

June 3, 2026
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

June 3, 2026
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

June 3, 2026
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

June 3, 2026
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

June 2, 2026
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

June 2, 2026
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

June 2, 2026
How Leading Organizations Are Turning EDR Into Operational Resilience

How Leading Organizations Are Turning EDR Into Operational Resilience

June 2, 2026
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

June 2, 2026
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

June 2, 2026
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

June 2, 2026
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

June 1, 2026
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

June 1, 2026
China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

June 1, 2026
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

June 1, 2026
The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

June 1, 2026
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

June 1, 2026
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

May 31, 2026
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

May 30, 2026
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

May 29, 2026
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

May 29, 2026
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

May 29, 2026
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

May 29, 2026
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

May 29, 2026
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

May 29, 2026
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

May 28, 2026
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

May 28, 2026
New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI “Power users”

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI “Power users”

May 28, 2026
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

May 28, 2026
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

May 28, 2026
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

May 28, 2026
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

May 27, 2026
Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

May 27, 2026
3 SOC Steps that Shut Down Incident Risks Early

3 SOC Steps that Shut Down Incident Risks Early

May 27, 2026
Gitea Vulnerability Exposes Private Container Images without Authentication

Gitea Vulnerability Exposes Private Container Images without Authentication

May 27, 2026
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

May 27, 2026
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

May 27, 2026
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

May 27, 2026
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

May 26, 2026
MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You

MFA Prompt Bombing: Why Your Second Factor Isn’t Saving You

May 26, 2026
New AI DDoS Attacks Are Smarter. Learn How to Fight Back in This Webinar

New AI DDoS Attacks Are Smarter. Learn How to Fight Back in This Webinar

May 26, 2026
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

May 26, 2026
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

May 26, 2026