Category: Hacker News

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

January 24, 2026
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

January 24, 2026
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

January 24, 2026
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

January 23, 2026
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

January 23, 2026
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

January 23, 2026
TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

January 23, 2026
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

January 23, 2026
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

January 22, 2026
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

January 22, 2026
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories

ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories

January 22, 2026
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

January 22, 2026
Filling the Most Common Gaps in Google Workspace Security

Filling the Most Common Gaps in Google Workspace Security

January 22, 2026
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

January 22, 2026
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

January 22, 2026
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

January 22, 2026
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

January 21, 2026
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

January 21, 2026
Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff

Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff

January 21, 2026
Exposure Assessment Platforms Signal a Shift in Focus

Exposure Assessment Platforms Signal a Shift in Focus

January 21, 2026
Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

January 21, 2026
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code

VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code

January 21, 2026
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords

LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords

January 21, 2026
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

January 21, 2026
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

January 20, 2026
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

January 20, 2026
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

January 20, 2026
The Hidden Risk of Orphan Accounts

The Hidden Risk of Orphan Accounts

January 20, 2026
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

January 20, 2026
Why Secrets in JavaScript Bundles are Still Being Missed

Why Secrets in JavaScript Bundles are Still Being Missed

January 20, 2026
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

January 20, 2026
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

January 20, 2026
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

January 19, 2026
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

January 19, 2026
DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses

DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses

January 19, 2026
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

January 19, 2026
CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

January 19, 2026
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

January 19, 2026
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice

Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice

January 17, 2026
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans

OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans

January 17, 2026
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

January 16, 2026
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

January 16, 2026
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing

January 16, 2026
Your Digital Footprint Can Lead Right to Your Front Door

Your Digital Footprint Can Lead Right to Your Front Door

January 16, 2026
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

January 16, 2026
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

January 16, 2026
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

January 15, 2026
Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot

Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot

January 15, 2026
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

January 15, 2026
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories

January 15, 2026