Category: Hacker News

The Buyer’s Guide to AI Usage Control

The Buyer’s Guide to AI Usage Control

February 5, 2026
Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

February 5, 2026
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

February 5, 2026
Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

February 4, 2026
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

February 4, 2026
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

February 4, 2026
Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

February 4, 2026
The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

February 4, 2026
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

February 4, 2026
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

February 4, 2026
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

February 4, 2026
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

February 3, 2026
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

February 3, 2026
[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

February 3, 2026
When Cloud Outages Ripple Across the Internet

When Cloud Outages Ripple Across the Internet

February 3, 2026
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

February 3, 2026
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

February 3, 2026
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

February 3, 2026
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

February 2, 2026
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

February 2, 2026
Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

February 2, 2026
Securing the Mid-Market Across the Complete Threat Lifecycle

Securing the Mid-Market Across the Complete Threat Lifecycle

February 2, 2026
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

February 2, 2026
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

February 2, 2026
eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

February 2, 2026
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

February 2, 2026
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

January 31, 2026
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

January 31, 2026
CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

January 31, 2026
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

January 30, 2026
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

January 30, 2026
Badges, Bytes and Blackmail

Badges, Bytes and Blackmail

January 30, 2026
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

January 30, 2026
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

January 30, 2026
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

January 30, 2026
Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

January 29, 2026
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

January 29, 2026
Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

January 29, 2026
3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

January 29, 2026
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

January 29, 2026
Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks

Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks

January 29, 2026
Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

January 28, 2026
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

January 28, 2026
From Triage to Threat Hunts: How AI Accelerates SecOps

From Triage to Threat Hunts: How AI Accelerates SecOps

January 28, 2026
Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

January 28, 2026
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

January 28, 2026
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

January 28, 2026
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

January 28, 2026
Password Reuse in Disguise: An Often-Missed Risky Workaround

Password Reuse in Disguise: An Often-Missed Risky Workaround

January 28, 2026
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

January 28, 2026