Category: Hacker News

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

April 29, 2026
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

April 29, 2026
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

April 29, 2026
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

April 29, 2026
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

April 28, 2026
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

April 28, 2026
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

April 28, 2026
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

April 28, 2026
After Mythos: New Playbooks For a Zero-Window Era

After Mythos: New Playbooks For a Zero-Window Era

April 28, 2026
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

April 28, 2026
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks

April 28, 2026
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

April 28, 2026
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

April 28, 2026
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

April 27, 2026
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

April 27, 2026
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

April 27, 2026
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

April 27, 2026
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side

April 27, 2026
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

April 27, 2026
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

April 25, 2026
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

April 25, 2026
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

April 24, 2026
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

April 24, 2026
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

April 24, 2026
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

April 24, 2026
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

April 24, 2026
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

April 24, 2026
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

April 23, 2026
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

April 23, 2026
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

April 23, 2026
Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?

Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?

April 23, 2026
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed

[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed

April 23, 2026
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

April 23, 2026
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

April 23, 2026
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

April 23, 2026
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

April 22, 2026
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

April 22, 2026
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

April 22, 2026
Toxic Combinations: When Cross-App Permissions Stack into Risk

Toxic Combinations: When Cross-App Permissions Stack into Risk

April 22, 2026
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

April 22, 2026
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

April 22, 2026
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

April 22, 2026
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

April 22, 2026
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

April 21, 2026
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

April 21, 2026
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters

22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters

April 21, 2026
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

April 21, 2026
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

April 21, 2026
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

April 21, 2026
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

April 21, 2026