Category: Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

March 31, 2026
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

March 30, 2026
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

March 30, 2026
3 SOC Process Fixes That Unlock Tier 1 Productivity

3 SOC Process Fixes That Unlock Tier 1 Productivity

March 30, 2026
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

March 30, 2026
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

March 30, 2026
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

March 30, 2026
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

March 30, 2026
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

March 28, 2026
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

March 28, 2026
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

March 28, 2026
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

March 28, 2026
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

March 27, 2026
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

March 27, 2026
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

March 27, 2026
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

March 27, 2026
We Are At War

We Are At War

March 27, 2026
Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware

Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware

March 27, 2026
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

March 27, 2026
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

March 26, 2026
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

March 26, 2026
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

March 26, 2026
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

March 26, 2026
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

March 26, 2026
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

March 26, 2026
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

March 26, 2026
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

March 25, 2026
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

March 25, 2026
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

March 25, 2026
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

March 25, 2026
The Kill Chain Is Obsolete When Your AI Agent Is the Threat

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

March 25, 2026
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

March 25, 2026
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

March 24, 2026
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

March 24, 2026
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

March 24, 2026
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

March 24, 2026
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

March 24, 2026
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

March 24, 2026
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills

March 24, 2026
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

March 24, 2026
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

March 24, 2026
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

March 23, 2026
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

March 23, 2026
We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them

We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them

March 23, 2026
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

March 23, 2026
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

March 23, 2026
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

March 23, 2026
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

March 21, 2026
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

March 21, 2026
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

March 21, 2026