All News
The Hacker News
March 28, 2026
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Iran-linked Handala Hack breached FBI Director’s email amid MOIS domain seizures, escalating destructive cyber ops.
The Hacker News
March 28, 2026
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
CVE-2026-3055 targets Citrix NetScaler with active reconnaissance, risking data leaks on SAML IDP setups.
The Hacker News
March 28, 2026
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.
The Hacker News
March 28, 2026
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
TA446 used leaked DarkSword on March 26 to target iOS devices, prompting Apple alerts and widening mobile espionage risks.
The Hacker News
March 27, 2026
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple issues Lock Screen alerts after Coruna and DarkSword exploit kits target iOS 13.0–18.7, increasing web-based attack risks.
The Hacker News
March 27, 2026
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
The Hacker News
March 27, 2026
We Are At War
Rising geopolitical tensions are reflected by cyber operations, while tech itself has become politicized. Let’s admit it: we are in the midd...
The Hacker News
March 27, 2026
Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
Bearlyfy launched 70+ attacks since 2025 using GenieLocker ransomware, targeting Russian firms, driving high ransom payments.
The Hacker News
March 27, 2026
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Three LangChain flaws enable data theft across LLM apps, affecting millions of deployments, exposing secrets and files.
The Hacker News
March 26, 2026
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
China-linked Red Menshen embeds BPFDoor in telecom networks since 2021, enabling stealth espionage via kernel implants.
The Hacker News
March 26, 2026
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until Feb 19, 2026 fi...
The Hacker News
March 26, 2026
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
81% of attacks are malware-free as AI-driven mimicry hides threats in trusted systems, increasing detection difficulty and risk.
The Hacker News
March 26, 2026
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are being quietly a...
The Hacker News
March 26, 2026
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
Coruna reuses Triangulation kernel exploits targeting iOS 13–17.2.1 devices, expanding attacks into mass exploitation campaigns.
The Hacker News
March 26, 2026
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
Validate your security posture with real attacker behavior using continuous, CTI-driven testing to uncover gaps and prove defenses work.
The Hacker News
March 26, 2026
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% of stores, enabling stealth data theft bypassing CSP.
The Hacker News
March 25, 2026
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
Russian authorities arrested the alleged admin of LeakBase, a cybercrime forum operating since 2021 that enabled trading stolen data.
The Hacker News
March 25, 2026
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
GlassWorm uses Solana and Google Calendar dead drops to deliver RAT stealing browser data and crypto wallets, impacting developers.
The Hacker News
March 25, 2026
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
AI agents executed 80–90% of espionage tasks in 2025; compromised agents bypass kill chain, enabling stealth access and data exfiltration.
The Hacker News
March 25, 2026
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
TA551 botnet infected 72 U.S. firms via spam malware, enabling $14.17M ransomware extortion, leading to prison sentences.
The Hacker News
March 25, 2026
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and account takeove...
The Hacker News
March 25, 2026
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
FCC bans foreign routers after security findings warn of supply chain risks and cyberattacks on infrastructure, impacting future device sale...
The Hacker News
March 24, 2026
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide persistence and later...
The Hacker News
March 24, 2026
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
FAUX#ELEVATE phishing deploys stealers and miners via fake resumes, targeting enterprise systems, enabling rapid credential theft in 25 seco...
The Hacker News
March 24, 2026
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
7 malicious npm packages steal crypto wallets by phishing sudo passwords via fake installs, leading to RAT deployment and credential exfiltr...
The Hacker News
March 24, 2026
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
AI agent adoption hits 70% of enterprises, outpacing governance controls, increasing risks like outages and attacks.
The Hacker News
March 24, 2026
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
Lack of foundational cybersecurity context weakens risk prioritization, causing misaligned tools and slower incident response.
The Hacker News
March 24, 2026
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
TeamPCP compromised 2 GitHub Actions post-March 19, 2026 breach, enabling credential theft and supply chain attacks.
The Hacker News
March 24, 2026
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
Russian hacker gets 6.75 years after enabling ransomware attacks causing $9M+ losses, highlighting access broker role in cybercrime.
The Hacker News
March 24, 2026
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix fixes CVE-2026-3055 memory flaw in NetScaler, enabling data leaks in SAML setups, raising risk of imminent exploitation.
The Hacker News
March 23, 2026
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and enabling remote con...
The Hacker News
March 23, 2026
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical CVEs to patch.
The Hacker News
March 23, 2026
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
8 Bedrock attack vectors exploit permissions and integrations, enabling data theft, agent hijacking, and system compromise at scale.
The Hacker News
March 23, 2026
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft warns tax-season phishing hit 29,000 users via IRS lures, enabling credential theft and RMM-based access.
The Hacker News
March 23, 2026
Telegram's Crackdown Changed How Threat Actors Act, But Not Where They Act
Telegram blocked 43M channels in 2025, but cybercrime persists as actors adapt, maintaining platform dominance and forcing continuous monito...
The Hacker News
March 23, 2026
Why Institutions of Higher Education Face Unique Identity Security and Management Risk
Hybrid identity gaps and high user turnover create orphaned accounts in universities, increasing attack surface and breach risk.
The Hacker News
March 23, 2026
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Trivy supply chain attack pushed malicious Docker images on March 22, enabling credential theft and worm spread, impacting cloud environment...
The Hacker News
March 23, 2026
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
CVE-2025-32975 exploited since March 2026 on unpatched KACE SMA systems, enabling admin takeover and payload delivery.
The Hacker News
March 21, 2026
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Russian-linked phishing hits thousands of messaging accounts via fake support tactics, enabling impersonation and data access.
The Hacker News
March 21, 2026
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.
The Hacker News
March 21, 2026
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
CISA adds 5 exploited flaws (CVSS up to 10.0) to KEV, mandates April 3, 2026 patching to prevent malware and espionage attacks.
The Hacker News
March 21, 2026
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.
The Hacker News
March 20, 2026
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
The Hacker News
March 20, 2026
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.
The Hacker News
March 20, 2026
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google adds 24-hour sideloading delay amid 17 malware families in 4 months, reducing scam-driven installs and device compromise risk.
The Hacker News
March 20, 2026
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
AI-based cyber attacks often blend in with normal behavior. Learn why behavioral analytics must adapt to protect digital identities from AI-...
The Hacker News
March 20, 2026
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Magento flaw allows unauthenticated file uploads up to 2.4.9-alpha2, enabling RCE or takeover, exposing stores to attack risk.
The Hacker News
March 20, 2026
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
DoJ disrupts IoT botnets behind 31.4 Tbps DDoS attacks using 3M devices, reducing global extortion-driven outages.
The Hacker News
March 20, 2026
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Outdated iOS exploited via Coruna, DarkSword kits through web attacks, enabling mass data theft on unpatched devices.
The Hacker News
March 19, 2026