News
The threat landscape, updated continuously.
Breaches, zero-days, and official advisories gathered from four trusted cybersecurity sources and refreshed automatically. We show the headline and a short extract only — every story links straight back to the publisher that reported it.
60 stories
- The Hacker News
OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the…
Read on The Hacker News ↗ - The Hacker News
Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed…
Read on The Hacker News ↗ - BleepingComputer
HollowByte DDoS flaw bloats OpenSSL server memory with 11-byte payload
A vulnerability dubbed HollowByte allows unauthenticated attackers to trigger a denial-of-service (DoS) condition on OpenSSL servers with a malicious payload of just 11 bytes. [...]
Read on BleepingComputer ↗ - The Hacker News
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n…
Read on The Hacker News ↗ - The Hacker News
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor…
Read on The Hacker News ↗ - BleepingComputer
Ernst & Young discloses data breach after support system hack
Ernst & Young is notifying customers of a data breach caused by the compromise of a third-party support ticket system used by its IT personnel. [...]
Read on BleepingComputer ↗ - BleepingComputer
Inside the Search for "Clean" Residential Proxies for Carding
Residential proxies are no longer the silver bullet they once were for carding. Flare explains why cybercriminals increasingly seek "clean" residential proxies and combine them with browser fingerprints, device…
Read on BleepingComputer ↗ - The Hacker News
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images
North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding…
Read on The Hacker News ↗ - The Hacker News
E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants
The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the…
Read on The Hacker News ↗ - The Hacker News
The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?
Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways…
Read on The Hacker News ↗ - BleepingComputer
New Windows LegacyHive zero-day gives hackers admin privileges
A security researcher using the "Nightmare Eclipse" handle has released a Windows zero-day exploit dubbed LegacyHive that allows attackers to escalate privileges on up-to-date Windows systems. [...]
Read on BleepingComputer ↗ - The Hacker News
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man
Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV…
Read on The Hacker News ↗ - BleepingComputer
Windows Server 2022 reach end of mainstream support in 90 days
Microsoft announced that Windows Server 2022 will reach the mainstream end date in October 2026, but will switch to extended support and continue receiving security updates for five more years. [...]
Read on BleepingComputer ↗ - The Hacker News
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files
ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and…
Read on The Hacker News ↗ - The Hacker News
New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage
Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term…
Read on The Hacker News ↗ - BleepingComputer
US charges two over laundering $43 million from investment fraud
U.S. prosecutors on Thursday charged a New York man and woman for their roles in a large-scale crime ring that laundered money stolen in cyber investment fraud scams. [...]
Read on BleepingComputer ↗ - BleepingComputer
CISA urges immediate action on actively exploited Fortinet flaws
CISA on Thursday ordered government agencies to prioritize patching two actively exploited vulnerabilities in the Fortinet FortiSandbox threat detection platform. [...]
Read on BleepingComputer ↗ - The Hacker News
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring…
Read on The Hacker News ↗ - BleepingComputer
New ClickLock macOS malware traps users into revealing login password
A new macOS information-stealing malware dubbed ClickLock terminates all visible processes to force users into entering their system login password. [...]
Read on BleepingComputer ↗ - BleepingComputer
Coca-Cola says Fairlife ransomware attack halts US dairy production
The Coca-Cola Company disclosed today that a ransomware attack impacting its Fairlife dairy subsidiary has disrupted operations, temporarily suspending production of Fairlife products across the United States. [...]
Read on BleepingComputer ↗ - BleepingComputer
Claude Chrome extension flaw lets malicious extensions trigger AI actions
A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions by simulating user clicks, potentially allowing it to abuse Claude's access to connected…
Read on BleepingComputer ↗ - BleepingComputer
New OkoBot framework deploys 20 payloads to steal data, crypto
A new malicious framework called OkoBot is delivering more than 20 payloads in attacks focused on stealing cryptocurrency wallet seed phrases, credentials, and other sensitive data. [...]
Read on BleepingComputer ↗ - The Hacker News
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London. The attack left 148 TfL systems…
Read on The Hacker News ↗ - The Hacker News
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories
A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage…
Read on The Hacker News ↗ - BleepingComputer
AI Agents Broke the Security Playbook. Here's What Replaces It.
Traditional security workflows were built for environments that changed at human speed. Token Security explains why AI agents require a new approach: building on a live identity foundation while giving security teams…
Read on BleepingComputer ↗ - BleepingComputer
23andMe to pay $18 million in new genetics data breach settlement
Genetic testing company 23andMe has agreed to pay $18 million to settle claims from a coalition of 43 attorneys general that it failed to protect customers' genetic data. [...]
Read on BleepingComputer ↗ - The Hacker News
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer
n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim…
Read on The Hacker News ↗ - The Hacker News
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026. "The malware is full-featured, lightweight…
Read on The Hacker News ↗ - The Hacker News
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password
ClickLock Stealer, a new macOS infostealer, answers a victim's refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind…
Read on The Hacker News ↗ - BleepingComputer
Scattered Spider members behind TfL hack get five years in prison
Two leading members of the Scattered Spider cybercrime collective were sentenced to five years and six months in prison each for hacking Transport for London (TfL) in 2024. [...]
Read on BleepingComputer ↗ - BleepingComputer
Windows 11 24H2 Home and Pro reach end of support in 90 days
Microsoft announced on Wednesday that systems running Windows 10 Enterprise LTSB 2016 and Home and Pro editions of Windows 11 24H2 will stop receiving updates in three months. [...]
Read on BleepingComputer ↗ - The Hacker News
20+ Hijacked Government Websites Became an Attack Channel
More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat…
Read on The Hacker News ↗ - The Hacker News
New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands
Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click "Buy Now" instead. Ask a coding assistant to apply a maintainer's fix from a GitHub thread, and a fake comment…
Read on The Hacker News ↗ - The Hacker News
Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin…
Read on The Hacker News ↗ - The Hacker News
AI Can Find Bugs, But Human Knowledge Still Proves Them
Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate…
Read on The Hacker News ↗ - The Hacker News
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide
Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people's Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the…
Read on The Hacker News ↗ - The Hacker News
OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol
OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an aim to fix issues before the tools are deployed widely. "GPT‑Red is a strong…
Read on The Hacker News ↗ - The Hacker News
Zoom Patches Critical Windows Flaw That Could Enable Account Takeover
Zoom has released security updates for a critical security flaw impacting Zoom Workplace for Windows that could facilitate account takeover. The vulnerability, tracked as CVE-2026-53412 (CVSS score: 9.8), affects Zoom…
Read on The Hacker News ↗ - The Hacker News
TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development
Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language…
Read on The Hacker News ↗ - The Hacker News
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes…
Read on The Hacker News ↗ - The Hacker News
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - CVE-2026-15718, an invalid pointer in the…
Read on The Hacker News ↗ - The Hacker News
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS…
Read on The Hacker News ↗ - The Hacker News
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of…
Read on The Hacker News ↗ - The Hacker News
New Webinar: Closing the Approval Gap in AI-Era Ad Tech
A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages. This on-demand webinar reveals how this…
Read on The Hacker News ↗ - Krebs on Security
Microsoft Patches a Record 570 Security Flaws
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its…
Read on Krebs on Security ↗ - Krebs on Security
Lessons Learned from CISA’s Recent GitHub Leak
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub…
Read on Krebs on Security ↗ - CISA Alerts
Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting
Russian Government-Sponsored Activity Targets Poorly Configured and Vulnerable Devices Across Critical Sectors Executive summary Russian Federal Security Service (FSB) Center 16 cyber actors continue to exploit poorly…
Read on CISA Alerts ↗ - Krebs on Security
Felons, Fraudsters Flog Offensive Cybersecurity Startup
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures…
Read on Krebs on Security ↗ - Krebs on Security
FBI Seizes NetNut Proxy Platform, Popa Botnet
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli…
Read on Krebs on Security ↗ - Krebs on Security
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the…
Read on Krebs on Security ↗ - Krebs on Security
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts…
Read on Krebs on Security ↗ - Krebs on Security
Who Runs the Ransomware Group ‘The Gentlemen?’
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises…
Read on Krebs on Security ↗ - Krebs on Security
A Record-Breaking Patch Tuesday for June 2026
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly…
Read on Krebs on Security ↗ - CISA Alerts
Defending Against China-Nexus Covert Networks of Compromised Devices
Defending against china-nexus covert networks of compromised devices executive summary Defending against China-nexus covert networks of compromised devices Explaining the widespread shift in tactics, techniques and…
Read on CISA Alerts ↗ - CISA Alerts
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Advisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication April 7, 2026 Executive Summary Iran-affiliated advanced…
Read on CISA Alerts ↗ - CISA Alerts
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
Summary Note: This joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, joint fact sheet Primary Mitigations to Reduce Cyber Threats…
Read on CISA Alerts ↗ - CISA Alerts
CISA Shares Lessons Learned from an Incident Response Engagement
Advisory at a Glance Executive Summary CISA began incident response efforts at a U.S. federal civilian executive branch (FCEB) agency following the detection of potential malicious activity identified through security…
Read on CISA Alerts ↗ - CISA Alerts
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
Executive summary People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and…
Read on CISA Alerts ↗ - CISA Alerts
CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard (USCG) are issuing this Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of…
Read on CISA Alerts ↗ - CISA Alerts
#StopRansomware: Interlock
Summary Note : This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These…
Read on CISA Alerts ↗