Category: Hacker News

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

April 21, 2026
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

April 20, 2026
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

April 20, 2026
Why Most AI Deployments Stall After the Demo

Why Most AI Deployments Stall After the Demo

April 20, 2026
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

April 20, 2026
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

April 20, 2026
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

April 20, 2026
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

April 18, 2026
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

April 18, 2026
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

April 17, 2026
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

April 17, 2026
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

April 17, 2026
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

April 17, 2026
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

April 17, 2026
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

April 16, 2026
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

April 16, 2026
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu

Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu

April 16, 2026
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

April 16, 2026
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

April 16, 2026
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment

[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment

April 16, 2026
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

April 16, 2026
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

April 15, 2026
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

April 15, 2026
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

April 15, 2026
Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

April 15, 2026
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

April 15, 2026
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

April 15, 2026
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

April 14, 2026
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

April 14, 2026
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

April 14, 2026
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

April 14, 2026
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

April 14, 2026
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

April 14, 2026
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

April 14, 2026
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

April 14, 2026
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

April 13, 2026
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts

April 13, 2026
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

April 13, 2026
Your MTTD Looks Great. Your Post-Alert Gap Doesn’t

Your MTTD Looks Great. Your Post-Alert Gap Doesn’t

April 13, 2026
North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

April 13, 2026
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

April 13, 2026
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

April 12, 2026
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

April 12, 2026
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

April 11, 2026
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

April 10, 2026
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

April 10, 2026
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

April 10, 2026
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

April 10, 2026
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

April 10, 2026
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

April 9, 2026