tag:blogger.com,1999:blog-48028414786341472762026-04-16T11:50:17.967+05:30The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackersUnknownnoreply@blogger.comBlogger16219125tag:blogger.com,1999:blog-4802841478634147276.post-67591616518431078822026-04-16T11:50:00.002+05:302026-04-16T11:50:17.861+05:30

The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp. The activity, which was observed between March and April

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-7914938042153101742026-04-15T22:39:00.001+05:302026-04-15T22:39:23.834+05:30

Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-46218192072197772922026-04-15T18:26:00.006+05:302026-04-16T10:23:31.429+05:30

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security. "

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-69261598154109102882026-04-15T18:07:00.002+05:302026-04-15T18:07:33.999+05:30

A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database 

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-40681863194819267702026-04-15T17:00:00.008+05:302026-04-15T17:00:00.116+05:30

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-26212381926871575482026-04-15T14:10:00.002+05:302026-04-15T15:44:41.353+05:30

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-30657671332060538822026-04-15T10:00:00.001+05:302026-04-15T10:11:19.512+05:30

OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accelerates defenders – those responsible for keeping systems, data, and users safe – enabling them to find and fix problems

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-42122347388971355822026-04-14T21:27:00.000+05:302026-04-14T21:27:00.203+05:30

Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below - CVE-2026-40176 (CVSS

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-25599496308622082332026-04-14T20:26:00.000+05:302026-04-14T20:26:42.831+05:30

Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. "The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-65860792220994413222026-04-14T20:00:00.002+05:302026-04-15T10:13:31.278+05:30

Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams. The campaign, which has been

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-36801800652495149022026-04-14T15:50:00.000+05:302026-04-14T15:50:38.744+05:30

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-13603439177134396412026-04-14T15:30:00.000+05:302026-04-14T15:30:00.120+05:30

OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" where the density of high-impact vulnerabilities is scaling faster than

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-46375777771910462412026-04-14T14:05:00.001+05:302026-04-14T19:08:22.852+05:30

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited. According to Socket, the extensions (complete list

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-40652042213384476272026-04-14T11:20:00.002+05:302026-04-14T11:20:21.462+05:30

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-67674598807691947722026-04-14T11:09:00.002+05:302026-04-14T19:08:37.952+05:30

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score: 9.1) -  An SQL injection vulnerability in  Fortinet FortiClient EMS that could allow an

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-86338668561335905082026-04-13T22:45:00.002+05:302026-04-14T10:48:13.685+05:30

Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and collect system metadata. "One of the

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-31071114526403825112026-04-13T20:16:00.002+05:302026-04-14T10:48:58.677+05:30

The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims' account credentials and attempt more than $20 million in fraud. In tandem, authorities detained the alleged developer, who has&

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-13498834295682105102026-04-13T18:31:00.003+05:302026-04-14T13:23:56.677+05:30

Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-70170970404073044062026-04-13T17:11:00.002+05:302026-04-13T20:20:38.240+05:30

Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmore warned that similar capabilities are weeks or months from proliferation. CrowdStrike's 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant's M-Trends

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-81606021772793510192026-04-13T14:45:00.002+05:302026-04-13T14:45:11.636+05:30

The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. "The threat actor used two Facebook

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-82110470691324925482026-04-13T12:20:00.003+05:302026-04-14T10:48:43.627+05:30

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found no

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-28967926635482856192026-04-12T11:24:00.001+05:302026-04-13T19:18:02.333+05:30

Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-1501191518770431092026-04-12T09:55:00.005+05:302026-04-14T13:24:23.191+05:30

Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations. It has been described as

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-9549508581095400272026-04-11T11:32:00.001+05:302026-04-11T11:32:26.878+05:30

Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-44577461586408291202026-04-10T18:53:00.001+05:302026-04-10T18:53:17.453+05:30

Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.com