Category: Hacker News

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

January 15, 2026
4 Outdated Habits Destroying Your SOC’s MTTR in 2026

4 Outdated Habits Destroying Your SOC’s MTTR in 2026

January 15, 2026
Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login

Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login

January 15, 2026
Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud

Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud

January 15, 2026
Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

January 14, 2026
AI Agents Are Becoming Privilege Escalation Paths

AI Agents Are Becoming Privilege Escalation Paths

January 14, 2026
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

January 14, 2026
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

January 14, 2026
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

January 14, 2026
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

January 14, 2026
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

January 14, 2026
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

January 14, 2026
Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

January 13, 2026
Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

January 13, 2026
[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl

[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl

January 13, 2026
What Should We Learn From How Attackers Leveraged AI in 2025?

What Should We Learn From How Attackers Leveraged AI in 2025?

January 13, 2026
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation

January 13, 2026
New Advanced Linux VoidLink Malware Targets Cloud and container Environments

New Advanced Linux VoidLink Malware Targets Cloud and container Environments

January 13, 2026
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

January 13, 2026
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

January 13, 2026
n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

January 12, 2026
⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More

⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More

January 12, 2026
GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

January 12, 2026
Anthropic Launches Claude AI for Healthcare with Secure Health Record Access

Anthropic Launches Claude AI for Healthcare with Secure Health Record Access

January 12, 2026
Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud

Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud

January 12, 2026
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

January 10, 2026
Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

January 10, 2026
China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

January 9, 2026
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations

January 9, 2026
Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)

January 9, 2026
Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

January 9, 2026
CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

January 9, 2026
FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

January 9, 2026
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

January 8, 2026
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

January 8, 2026
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

January 8, 2026
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

January 8, 2026
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

January 8, 2026
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

January 8, 2026
The State of Trusted Open Source

The State of Trusted Open Source

January 8, 2026
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls

January 8, 2026
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

January 8, 2026
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

January 7, 2026
Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

January 7, 2026
The Future of Cybersecurity Includes Non-Human Employees

The Future of Cybersecurity Includes Non-Human Employees

January 7, 2026
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

January 7, 2026
Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

January 7, 2026
n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

January 7, 2026
Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

January 7, 2026
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

January 7, 2026