Category: Hacker News

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

January 28, 2026
WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware

WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware

January 27, 2026
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

January 27, 2026
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

January 27, 2026
CTEM in Practice: Prioritization, Validation, and Outcomes That Matter

CTEM in Practice: Prioritization, Validation, and Outcomes That Matter

January 27, 2026
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

January 27, 2026
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

January 27, 2026
Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation

Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation

January 27, 2026
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

January 26, 2026
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

January 26, 2026
⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

January 26, 2026
Winning Against AI-Based Attacks Requires a Combined Defensive Approach

Winning Against AI-Based Attacks Requires a Combined Defensive Approach

January 26, 2026
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

January 26, 2026
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware

January 24, 2026
Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

January 24, 2026
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

January 24, 2026
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

January 24, 2026
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities

January 23, 2026
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

January 23, 2026
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

January 23, 2026
TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

January 23, 2026
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

January 23, 2026
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

January 22, 2026
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

January 22, 2026
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories

ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories

January 22, 2026
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

January 22, 2026
Filling the Most Common Gaps in Google Workspace Security

Filling the Most Common Gaps in Google Workspace Security

January 22, 2026
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

January 22, 2026
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

January 22, 2026
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

January 22, 2026
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

January 21, 2026
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

January 21, 2026
Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff

Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff

January 21, 2026
Exposure Assessment Platforms Signal a Shift in Focus

Exposure Assessment Platforms Signal a Shift in Focus

January 21, 2026
Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

January 21, 2026
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code

VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code

January 21, 2026
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

January 21, 2026
LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords

LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords

January 21, 2026
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

January 20, 2026
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

January 20, 2026
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

January 20, 2026
The Hidden Risk of Orphan Accounts

The Hidden Risk of Orphan Accounts

January 20, 2026
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

January 20, 2026
Why Secrets in JavaScript Bundles are Still Being Missed

Why Secrets in JavaScript Bundles are Still Being Missed

January 20, 2026
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers

January 20, 2026
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion

January 20, 2026
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

January 19, 2026
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

January 19, 2026
DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses

DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses

January 19, 2026
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

January 19, 2026