Category: Hacker News

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

May 18, 2026
Developer Workstations Are Now Part of the Software Supply Chain

Developer Workstations Are Now Part of the Software Supply Chain

May 18, 2026
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

May 18, 2026
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

May 18, 2026
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

May 17, 2026
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

May 17, 2026
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

May 16, 2026
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

May 15, 2026
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

May 15, 2026
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

May 15, 2026
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

May 15, 2026
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

May 15, 2026
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

May 15, 2026
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

May 14, 2026
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

May 14, 2026
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

May 14, 2026
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

May 14, 2026
How AI Hallucinations Are Creating Real Security Risks

How AI Hallucinations Are Creating Real Security Risks

May 14, 2026
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

May 14, 2026
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

May 14, 2026
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

May 14, 2026
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

May 14, 2026
Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

May 13, 2026
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

May 13, 2026
Most Remediation Programs Never Confirm the Fix Actually Worked

Most Remediation Programs Never Confirm the Fix Actually Worked

May 13, 2026
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

May 13, 2026
[Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)

[Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)

May 13, 2026
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

May 13, 2026
Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

May 13, 2026
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

May 12, 2026
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

May 12, 2026
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

May 12, 2026
Why Agentic AI Is Security’s Next Blind Spot

Why Agentic AI Is Security’s Next Blind Spot

May 12, 2026
Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help

Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help

May 12, 2026
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

May 12, 2026
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

May 12, 2026
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

May 12, 2026
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

May 12, 2026
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

May 11, 2026
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

May 11, 2026
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

May 11, 2026
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

May 11, 2026
Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room

Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room

May 11, 2026
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

May 11, 2026
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

May 10, 2026
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

May 9, 2026
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

May 8, 2026
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

May 8, 2026
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

May 8, 2026
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

May 8, 2026