Category: Hacker News

Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

March 3, 2026
AI Agents: The Next Wave Identity Dark Matter – Powerful, Invisible, and Unmanaged

AI Agents: The Next Wave Identity Dark Matter – Powerful, Invisible, and Unmanaged

March 3, 2026
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

March 3, 2026
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

March 3, 2026
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

March 3, 2026
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited

March 3, 2026
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

March 2, 2026
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

March 2, 2026
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More

⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More

March 2, 2026
How to Protect Your SaaS from Bot Attacks with SafeLine WAF

How to Protect Your SaaS from Bot Attacks with SafeLine WAF

March 2, 2026
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

March 2, 2026
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

March 2, 2026
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

February 28, 2026
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

February 28, 2026
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

February 28, 2026
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

February 27, 2026
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

February 27, 2026
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

February 27, 2026
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

February 27, 2026
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

February 27, 2026
Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams

Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams

February 27, 2026
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

February 26, 2026
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

February 26, 2026
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

February 26, 2026
Expert Recommends: Prepare for PQC Right Now

Expert Recommends: Prepare for PQC Right Now

February 26, 2026
Expert Recommends: Prepare for PQC Right Now

Expert Recommends: Prepare for PQC Right Now

February 26, 2026
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

February 26, 2026
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

February 26, 2026
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access

February 26, 2026
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

February 25, 2026
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

February 25, 2026
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

February 25, 2026
Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

February 25, 2026
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

February 25, 2026
Manual Processes Are Putting National Security at Risk

Manual Processes Are Putting National Security at Risk

February 25, 2026
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

February 25, 2026
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

February 25, 2026
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

February 25, 2026
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

February 24, 2026
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

February 24, 2026
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

February 24, 2026
Identity Prioritization isn’t a Backlog Problem – It’s a Risk Math Problem

Identity Prioritization isn’t a Backlog Problem – It’s a Risk Math Problem

February 24, 2026
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

February 24, 2026
Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

February 24, 2026
APT28 Targeted European Entities Using Webhook-Based Macro Malware

APT28 Targeted European Entities Using Webhook-Based Macro Malware

February 23, 2026
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

February 23, 2026
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

February 23, 2026
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

February 23, 2026
How Exposed Endpoints Increase Risk Across LLM Infrastructure

How Exposed Endpoints Increase Risk Across LLM Infrastructure

February 23, 2026
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

February 23, 2026