# @TheHackersNews The Hacker News

Multiple high-profile hacking incidents and vulnerabilities have been recently reported. North Korean hackers are using fake job interviews to spread malware, while Chinese hackers are targeting governments and defense contractors using various backdoors and exploits. Additionally, critical flaws have been discovered in various software, including Cisco VPN gear, SolarWinds Web Help Desk, and Supermicro BMC, which could allow attackers to gain unauthorized access.

### Engagements: [-------] [#](/creator/twitter::209811713/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::209811713/c:line/m:interactions.svg)

- [--] Week [---------] -8.40%
- [--] Month [---------] +50%
- [--] Months [----------] +104%
- [--] Year [----------] +32%

### Mentions: [---] [#](/creator/twitter::209811713/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::209811713/c:line/m:posts_active.svg)

- [--] Week [---] -10%
- [--] Month [---] +36%
- [--] Months [-----] +30%
- [--] Year [-----] +38%

### Followers: [---------] [#](/creator/twitter::209811713/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::209811713/c:line/m:followers.svg)

- [--] Week [---------] +1.30%
- [--] Month [---------] +5.80%
- [--] Months [---------] +8.60%
- [--] Year [---------] +9.50%

### CreatorRank: [------] [#](/creator/twitter::209811713/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::209811713/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  28.29% [stocks](/list/stocks)  #4341 [countries](/list/countries)  10.08% [social networks](/list/social-networks)  5.04% [finance](/list/finance)  3.1% [cryptocurrencies](/list/cryptocurrencies)  1.55%

**Social topic influence**
[ai](/topic/ai) #2512, [$googl](/topic/$googl) #838, [microsoft](/topic/microsoft) #276, [systems](/topic/systems) #45, [crypto](/topic/crypto) #1978, [data](/topic/data) 3.88%, [china](/topic/china) 3.49%, [telegram](/topic/telegram) #386, [hidden](/topic/hidden) 3.1%, [apple](/topic/apple) #2094

**Top accounts mentioned or mentioned by**
[@jackgoesvirtual](/creator/undefined) [@intelligencer41](/creator/undefined) [@securedotcom](/creator/undefined) [@ababino](/creator/undefined) [@kindnessuae](/creator/undefined) [@grok](/creator/undefined) [@huntresslabs](/creator/undefined) [@talossecurity](/creator/undefined) [@sanarsh11](/creator/undefined) [@transcrypts_](/creator/undefined) [@paliraj94187](/creator/undefined) [@dcicybersecnews](/creator/undefined) [@bteater51](/creator/undefined) [@_reverseai_](/creator/undefined) [@anantnetratech](/creator/undefined) [@zastai](/creator/undefined) [@activestates](/creator/undefined) [@orchidsecurity](/creator/undefined) [@semgrep](/creator/undefined) [@filigranhqs](/creator/undefined)

**Top assets mentioned**
[Alphabet Inc Class A (GOOGL)](/topic/$googl) [Microsoft Corp. (MSFT)](/topic/microsoft) [SolarWinds Corporation Common Stock (SWI)](/topic/$swi) [Zscaler Inc (ZS)](/topic/$zs) [Solana (SOL)](/topic/solana)
### Top Social Posts
Top posts by engagements in the last [--] hours

"Security startup @zast_ai secured new backing to scale AI-driven vulnerability validation. Its research led to [---] CVE assignments after uncovering hundreds of zero-days. Affected targets included Azure SDK Apache Struts and Alibaba Nacos. πŸ”— Funding research scope enterprise impact https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html"  
[X Link](https://x.com/TheHackersNews/status/2021510440468300249)  2026-02-11T09:03Z 1M followers, [----] engagements


"Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent Quick Share flaw CVE-2024-10668 bypasses earlier fixes enabling DoS or unauthorized file delivery"  
[X Link](https://thehackernews.com/2025/04/google-patches-quick-share.html)  2025-04-03T08:21Z 1M followers, 24.1K engagements


"Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via SAML abuse"  
[X Link](https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html)  2026-01-23T12:31Z 1M followers, 20.7K engagements


"Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS crypto and developer data"  
[X Link](https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html)  2026-02-02T05:08Z 998.1K followers, 46.8K engagements


"Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited Security Updates Released Ivanti released fixes for two actively exploited EPMM zero-day RCE flaws including CVE-2026-1281 added to CISAs KEV affecting versions before 12.8"  
[X Link](https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html)  2026-01-30T04:47Z 997.8K followers, 53.7K engagements


"SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass SolarWinds fixed six Web Help Desk vulnerabilities including four critical flaws that allow unauthenticated remote code execution"  
[X Link](https://thehackernews.com/2026/01/solarwinds-fixes-four-critical-web-help.html)  2026-01-29T09:01Z 1M followers, 12.4K engagements


"Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk"  
[X Link](https://thehackernews.com/2026/02/eclipse-foundation-mandates-pre-publish.html)  2026-02-04T07:12Z 993K followers, [--] engagements


"Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos Microsoft confirms a 3-phase strategy to deprecate NTLM improve auditing prioritize Kerberos and disable NTLM by default in future Windows releases"  
[X Link](https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html)  2026-02-02T16:06Z 1M followers, 14.2K engagements


"Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP Critical Apache HugeGraph vulnerability exploited in the wild. Urgent update required to prevent remote code execution attacks. Patch now available"  
[X Link](https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html)  2026-02-06T22:05Z 1M followers, [--] engagements


"Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations Arctic Wolf reports automated attacks on FortiGate devices abusing FortiCloud SSO flaws to change firewall settings and steal configurations"  
[X Link](https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html)  2026-01-22T06:12Z 997.5K followers, 11.1K engagements


"⚡ Weekly Recap: Firewall Flaws AI-Built Malware Browser Traps Critical CVEs & More Weekly cybersecurity recap covering emerging threats fast-moving attacks critical flaws and key security developments you need to track this week"  
[X Link](https://thehackernews.com/2026/01/weekly-recap-firewall-flaws-ai-built.html)  2026-01-26T14:08Z 992.3K followers, 34.8K engagements


"CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog CISA added VMware vCenter vulnerability CVE-2024-37079 to its KEV list after confirmed in-the-wild exploitation urging organizations to apply patches"  
[X Link](https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html)  2026-01-24T08:10Z 994.2K followers, 38.2K engagements


"China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since [----] Experts details PeckBirdy a JavaScript C2 framework used since [----] by China-aligned attackers to spread malware via fake updates & web injections"  
[X Link](https://thehackernews.com/2026/01/china-linked-hackers-have-used.html)  2026-01-27T09:04Z 995.7K followers, 16K engagements


"Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access Experts uncovered malicious Chrome extensions that replace affiliate links exfiltrate data and steal ChatGPT authentication tokens from users"  
[X Link](https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html)  2026-01-30T13:47Z 1M followers, 22.9K engagements


"Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run arbitrary code"  
[X Link](https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html)  2026-01-28T12:44Z 1M followers, 18.3K engagements


"Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions Cybercriminals exploit Grok to bypass X ad protections spreading malware via hidden links amplified to millions"  
[X Link](https://thehackernews.com/2025/09/cybercriminals-exploit-xs-grok-ai-to.html)  2025-08-16T05:35Z 1M followers, 38.4K engagements


"Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware giving attackers persistent remote access to developer syst"  
[X Link](https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html)  2026-01-28T17:48Z 1M followers, 17.8K engagements


"Ex-Google Engineer Convicted for Stealing [----] AI Trade Secrets for China Startup A U.S. jury convicted a former Google engineer of stealing over [----] AI trade secret documents to benefit China-linked companies DOJ says"  
[X Link](https://thehackernews.com/2026/01/ex-google-engineer-convicted-for.html)  2026-01-30T07:39Z 1M followers, 26.3K engagements


"When Cloud Outages Ripple Across the Internet Cloud outages expose identity systems as critical failure points turning infrastructure disruptions into major business continuity risks"  
[X Link](https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html)  2026-02-03T11:36Z 996.5K followers, [----] engagements


"New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands Critical n8n flaw CVE-2025-68668 allows authenticated users to run system commands via workflows; affects versions 1.0.0 to before 2.0.0 fixed in 2.0"  
[X Link](https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html)  2026-01-06T05:13Z 999.5K followers, 22.7K engagements


"eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware Attackers breached eScan antivirus update infrastructure to push malicious updates deploying persistent malware on enterprise and consumer systems"  
[X Link](https://thehackernews.com/2026/02/escan-antivirus-update-servers.html)  2026-02-02T06:02Z 995.4K followers, [--] engagements


"Russian ELECTRUM Tied to December [----] Cyber Attack on Polish Power Grid Dragos attributes a December [----] Polish grid attack to ELECTRUM disrupting [--] DER sites without outages but damaging OT"  
[X Link](https://thehackernews.com/2026/01/russian-electrum-tied-to-december-2025.html)  2026-01-28T16:16Z 993.2K followers, 10.1K engagements


"Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts Five fake Chrome extensions impersonate Workday and NetSuite to steal cookies block admin controls and hijack sessions for account takeover"  
[X Link](https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html)  2026-01-16T14:11Z 994.5K followers, 13.2K engagements


"Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution A critical vm2 Node.js vulnerability (CVE-2026-22709 CVSS 9.8) allows sandbox escape via Promise handler bypass"  
[X Link](https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html)  2026-01-28T14:07Z 1M followers, 11.9K engagements


"Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps Study of 100+ energy OT sites reveals unpatched devices flat networks and hidden assets with critical issues detected within minutes"  
[X Link](https://thehackernews.com/2026/01/survey-of-100-energy-systems-reveals.html)  2026-01-29T15:58Z 1M followers, [----] engagements


"DarkSpectre Browser Extension Campaigns Exposed After Impacting [---] Million Users Worldwide A China-linked threat actor used malicious browser extensions over seven years to steal data and corporate intelligence from Chrome Edge and Firefox"  
[X Link](https://thehackernews.com/2025/12/darkspectre-browser-extension-campaigns.html)  2025-12-31T16:19Z 1M followers, 17.7K engagements


"The Buyer’s Guide to AI Usage Control AI adoption is surging but enterprises lack visibilityAI Usage Control enables real-time governance of interactions and risks"  
[X Link](https://thehackernews.com/2026/02/the-buyers-guide-to-ai-usage-control.html)  2026-02-05T11:49Z 996.5K followers, [--] engagements


"China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking Malware Delivery China-linked DKnife framework uses router-level AitM implants for traffic hijacking credential theft and malware delivery targeting edge devices"  
[X Link](https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html)  2026-02-06T14:57Z 1M followers, [----] engagements


"Trend Micro Apex Central RCE Flaw Scores [---] CVSS in On-Prem Windows Versions Trend Micro patched a critical Apex Central on-prem Windows flaw (CVE-2025-69258) with CVSS [---] that allows remote code execution if access exists"  
[X Link](https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html)  2026-01-09T10:01Z 1M followers, 14.7K engagements


"GootLoader Malware Uses [-------] Concatenated ZIP Archives to Evade Detection GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via Windows default extractor"  
[X Link](https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html)  2026-01-16T18:04Z 993.1K followers, 13.9K engagements


"Matrix Push C2 Uses Browser Notifications for Fileless Cross-Platform Phishing Attacks Matrix Push C2 abuses browser notifications for fileless cross-platform phishing while Velociraptor misuse rises after a Windows Server flaw"  
[X Link](https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html)  2025-11-22T07:10Z 998.7K followers, 149.3K engagements


"Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server Warlock ransomware breached SmarterTools via unpatched SmarterMail exploiting critical flaws to access Windows systems and deploy encryption payloads"  
[X Link](https://thehackernews.com/2026/02/warlock-ransomware-breaches.html)  2026-02-10T11:30Z 1M followers, [--] engagements


"Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities Pakistan-linked hackers targeted Indian government entities using phishing Google services Golang malware and GitHub-based command-and-control"  
[X Link](https://thehackernews.com/2026/01/experts-detect-pakistan-linked-cyber.html)  2026-01-27T16:46Z 1M followers, 13.4K engagements


"⚡ Weekly Recap: AI Skill Malware 31Tbps DDoS Notepad++ Hack LLM Backdoors and More This weeks cyber recap covers AI risks supply-chain attacks major breaches DDoS spikes and critical vulnerabilities security teams must track"  
[X Link](https://thehackernews.com/2026/02/weekly-recap-ai-skill-malware-31tbps.html)  2026-02-09T13:55Z 1M followers, [--] engagements


"Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed private meeting data"  
[X Link](https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html)  2026-01-19T17:22Z 993.5K followers, 113.4K engagements


"Two Firms That Plotted Against WikiLeaks Finally Apologize Two Firms That Plotted Against WikiLeaks Finally Apologize  Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities"  
[X Link](https://thehackernews.com/2011/02/two-firms-that-plotted-against.html)  2026-02-05T19:25Z 997.2K followers, [--] engagements


"Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected Fortinet released updates for an actively exploited FortiOS SSO authentication bypass flaw CVE-2026-24858 now listed by CISA in KEV"  
[X Link](https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html)  2026-01-28T04:53Z 1M followers, 16K engagements


"Rogue NuGet Package Poses as Tracer.Fody Steals Cryptocurrency Wallet Data A fake NuGet package mimicking Tracer.Fody stayed online for years stealing Stratis wallet files and passwords from Windows systems"  
[X Link](https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html)  2025-12-16T15:43Z 1M followers, 10.8K engagements


"Researchers Find [------] Publicly Exposed Ollama AI Servers Across [---] Countries Over [------] publicly exposed Ollama AI servers across [---] countries with many enabling tool calling that allows code execution and LLMjacking abuse"  
[X Link](https://thehackernews.com/2026/01/researchers-find-175000-publicly.html)  2026-01-29T18:39Z 1M followers, 15.6K engagements


"Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi Zero-click AirPlay vulnerabilities exposed in March [----] could let malware spread across networks undetected"  
[X Link](https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html)  2025-05-05T17:07Z 1M followers, 38.2K engagements


"GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware GeoServer vulnerability exploited to deliver malware botnets and backdoors affecting global IT government and telecom sectors"  
[X Link](https://thehackernews.com/2024/09/geoserver-vulnerability-targeted-by.html)  2024-09-06T15:16Z 991.9K followers, [----] engagements


"Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions Google releases critical Chrome update patching zero-day CVE-2025-10585 discovered Sept [--] to block active V8 JavaScript engine exploits worldwide"  
[X Link](https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html)  2025-09-18T05:51Z 999.5K followers, 145.2K engagements


"Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution Apache OFBiz vulnerability CVE-2024-45195 patched preventing unauthenticated remote code execution on Linux and Windows"  
[X Link](https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html)  2024-09-06T05:22Z 994.3K followers, 11.8K engagements


"How Samsung Knox Helps Stop Your Network Security Breach Discover how Samsung Knox enhances mobile network security with granular controls Zero Trust principles & seamless integration for a safer enterprise"  
[X Link](https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html)  2026-02-06T10:43Z 1M followers, [----] engagements


"Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials browser data and cryptocurrency wallets on Windows"  
[X Link](https://thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html)  2026-01-20T20:16Z 1M followers, [---] engagements


"Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App North Korean group Kimsuky uses QR code phishing sites posing as CJ Logistics to spread DocSwap Android malware with RAT capabilities"  
[X Link](https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html)  2025-12-18T07:45Z 1M followers, [----] engagements


"Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day CVE-2026-21509 a security feature bypass flaw"  
[X Link](https://thehackernews.com/2026/01/microsoft-issues-emergency-patch-for.html)  2026-01-27T07:21Z 998.5K followers, 117.3K engagements


"Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware A multi-stage phishing campaign targeting Russia abuses GitHub and Dropbox to disable Microsoft Defender and deploy Amnesia RAT and ransomware"  
[X Link](https://thehackernews.com/2026/01/multi-stage-phishing-campaign-targets.html)  2026-01-24T11:09Z 1M followers, 15.9K engagements


"Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution CVE-2025-22604 in Cacti (CVSS 9.1) enables authenticated attackers to execute remote code. Upgrade to version 1.2.29 to mitigate the critical flaw"  
[X Link](https://thehackernews.com/2025/01/critical-cacti-security-flaw-cve-2025.html)  2025-01-29T10:21Z 995.2K followers, 19.3K engagements


"SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers Microsoft links SolarWinds WHD exploits to RCE lateral movement and domain compromise in multi-stage attacks"  
[X Link](https://thehackernews.com/2026/02/solarwinds-web-help-desk-exploited-for.html)  2026-02-09T15:11Z 1M followers, [---] engagements


"North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware OtterCookie v5 merges BeaverTail features with new keylogging and blockchain-based C2 tactics"  
[X Link](https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html)  2025-10-17T13:33Z 998.8K followers, 44.6K engagements


"Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models Microsoft develops a lightweight scanner that detects backdoors in open-weight LLMs using three behavioral signals improving AI model security and tr"  
[X Link](https://thehackernews.com/2026/02/microsoft-develops-scanner-to-detect.html)  2026-02-04T18:56Z 997.2K followers, [---] engagements


"Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists Iran-linked RedKitten uses malicious Excel files AI-generated macros and cloud services to spy on human rights NGOs and activists"  
[X Link](https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html)  2026-01-31T12:03Z 998.9K followers, 11.4K engagements


"Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments Hackers exploit NFC technology and mobile payments enabling global fraud through Google Pay and Apple Pay"  
[X Link](https://thehackernews.com/2024/11/ghost-tap-hackers-exploiting-nfcgate-to.html)  2024-11-20T13:09Z 1M followers, 28.7K engagements


"40000 Attacks in [--] Days: Critical Confluence RCE Under Active Exploitation Hackers are actively exploiting a critical Atlassian Confluence flaw (CVE-2023-22527) within days of its reveal"  
[X Link](https://thehackernews.com/2024/01/40000-attacks-in-3-days-critical.html)  2026-02-06T16:15Z 998.8K followers, [--] engagements


"Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat A new PHALT#BLYX campaign targets European hotels using fake Booking.com emails ClickFix lures PowerShell and MSBuild to deploy DCRat malware"  
[X Link](https://thehackernews.com/2026/01/fake-booking-emails-redirect-hotel.html)  2026-01-06T17:29Z 1M followers, 28.1K engagements


"Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic Microsofts Whisper Leak shows encrypted AI chats can secretly reveal user topics through subtle traffic patterns"  
[X Link](https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html)  2025-11-08T14:31Z 1M followers, 102.8K engagements


"⚡ Weekly Recap: Proxy Botnet Office Zero-Day MongoDB Ransoms AI Hijacks & New Threats This weeks cybersecurity recap highlights key attacks zero-days and patches to keep you informed and secure"  
[X Link](https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html)  2026-02-02T13:22Z 1M followers, 10.2K engagements


"Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas A critical Grist-Core flaw (CVE-2026-24002 CVSS 9.1) allows remote code execution through malicious formulas when Pyodide sandboxing is enabled"  
[X Link](https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html)  2026-01-27T10:38Z 996.3K followers, 11.1K engagements


"Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks China-linked Mustang Panda used updated COOLCLIENT malware in [----] espionage to steal data from government and telecom targets across Asia and Russia"  
[X Link](https://thehackernews.com/2026/01/mustang-panda-deploys-updated.html)  2026-01-28T12:22Z 1M followers, [----] engagements


"⚠ Update: Contagious Interview now uses OtterCandy a Node.js RAT + info-stealer tied to North Korean actors. Hides in npm/supply-chain lures uses socket.io C2 to steal browser passwords & crypto wallets. v2 adds Suiet/Trust/Rabby harvesting + Windows registry wipes. Read https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html"  
[X Link](https://x.com/TheHackersNews/status/1979795173694439702)  2025-10-19T06:22Z 1M followers, 23.6K engagements


"🚨 Hackers found a new way to phish through browser notifications. A new tool called Matrix Push C2 lets attackers send fake alerts that look like real ones from PayPal Netflix or TikTok. No downloads. No malware file. Just one click and your datas theirs. Learn more https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html"  
[X Link](https://x.com/TheHackersNews/status/1992128573902389635)  2025-11-22T07:10Z 998.7K followers, 107.8K engagements


"πŸ’° A fake NuGet package stole crypto wallets for more than five years. It copied a popular .NET tracing library and hid as a normal dependency. One extra letter in the author name led to about [----] downloads since [----]. It exfiltrated Stratis wallet JSON files and passwords to a Russian IP. πŸ”— Read: https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html"  
[X Link](https://x.com/TheHackersNews/status/2000954995722821872)  2025-12-16T15:43Z 1M followers, 10.7K engagements


"North Korealinked Kimsuky has been tied to a new Android malware campaign. The group is spreading a fresh DocSwap variant through QR codes on fake CJ Logistics sites. Once installed the app deploys a full RAT with access to messages calls files audio and camera. πŸ”— Read analysis here https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html"  
[X Link](https://x.com/TheHackersNews/status/2001559399970804006)  2025-12-18T07:45Z 1M followers, [----] engagements


"🚨 Trend Micro patched a critical flaw in on-prem Apex Central for Windows that can lead to SYSTEM-level code execution. CVE-2025-69258 (CVSS 9.8) allows a remote unauthenticated attacker with endpoint access to load a malicious DLL via MsgReceiver.exe. On-prem builds below [----] are affected. πŸ”— Details https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html"  
[X Link](https://x.com/TheHackersNews/status/2009566225899077715)  2026-01-09T10:01Z 1M followers, 12.3K engagements


"🚨 Researchers uncovered [--] malicious Chrome extensions masquerading as HR/ERP tools like Workday and NetSuite. They exfiltrate auth cookies and suppress access to security and admin pages via DOM manipulation. πŸ”— Details here https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html"  
[X Link](https://x.com/TheHackersNews/status/2012165892571046254)  2026-01-16T14:11Z 994.5K followers, 11.3K engagements


"🚨 Researchers found an indirect prompt injection flaw abusing Google Gemini via calendar invites. A hidden prompt in an event could trigger Gemini when asked about a schedule to summarize private meetings into a new calendar entryvisible to attackers in some enterprise setups. No user action required. πŸ”— Read https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html"  
[X Link](https://x.com/TheHackersNews/status/2013301057523441720)  2026-01-19T17:22Z 993.4K followers, 113.1K engagements


"🚨 Uncharted: The AI Safety & Security Summit hosted by Fuel iX. Hidden vulnerabilities and compliance challenges are emerging faster than ever. Access [--] expert-led sessions and a comprehensive report revealing risks in [--] generative AI models. πŸ”’ Uncover hidden dangers in frontier AI models βš– Learn legal frameworks balancing innovation with responsibility πŸ›‘ Get proactive defense strategies from top CISOs πŸ“„ Receive a detailed report on vulnerabilities and actionable strategies Access it now on-demand: https://thn.news/ai-summit-insights https://thn.news/ai-summit-insights"  
[X Link](https://x.com/TheHackersNews/status/2013598921269063725)  2026-01-20T13:06Z 1M followers, 43.1K engagements


"🚨 Fortinet FortiGate under automated SSO abuse. Attackers exploit CVE-2025-59718/59719 to add admin users enable VPN access and export firewall configs within seconds per Arctic Wolf. πŸ”— Learn whats happening and what to disable https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html"  
[X Link](https://x.com/TheHackersNews/status/2014219542931910906)  2026-01-22T06:12Z 997.5K followers, [----] engagements


"🚨 Fortinet confirms active exploitation of CVE-2025-59718 / [-----] allowing FortiGate FortiCloud SSO bypass even on fully patched devices. Attackers abuse crafted SAML logins to gain admin access add persistent accounts enable VPN and steal configs. Disabling FortiCloud SSO is advised. πŸ”— Details https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html"  
[X Link](https://x.com/TheHackersNews/status/2014677477956972938)  2026-01-23T12:31Z 997.7K followers, 17.5K engagements


"🚨 CISA confirms active exploitation of a critical VMware vCenter Server flaw. CVE-2024-37079 allows remote code execution via a DCE/RPC heap overflow if an attacker has network access. πŸ”— Details https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html"  
[X Link](https://x.com/TheHackersNews/status/2014974110988894569)  2026-01-24T08:10Z 994.2K followers, 34.1K engagements


"⚠ A single spreadsheet formula can now lead to full server takeover in Grist-Core. The flaw CVE-2026-24002 (CVSS 9.1) breaks out of the Pyodide sandbox letting attackers run OS commands and access files and secrets. πŸ”— Read https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html"  
[X Link](https://x.com/TheHackersNews/status/2016098414359150928)  2026-01-27T10:38Z 996.2K followers, [----] engagements


"Indian government networks were targeted in two cyber campaigns linked to a Pakistan-based actor. Tracked by Zscaler as Gopher Strike and Sheet Attack the key tactic was India-only malware delivery filtered by IP and Windows systems to evade analysis. πŸ”— Attack chain and tools explained https://thehackernews.com/2026/01/experts-detect-pakistan-linked-cyber.html https://thehackernews.com/2026/01/experts-detect-pakistan-linked-cyber.html"  
[X Link](https://x.com/TheHackersNews/status/2016191123358941341)  2026-01-27T16:46Z 1M followers, 12.9K engagements


"🔧 Fortinet issues patch update for actively exploited FortiOS SSO flaw. The fix addresses CVE-2026-24858 (CVSS 9.4), an SSO authentication bypass that can allow cross-tenant device access when FortiCloud SSO is enabled. CISA has added the issue to its KEV list, setting a Jan [--] remediation deadline. 🔗 Details https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html"  
[X Link](https://x.com/TheHackersNews/status/2016374062818443536)  2026-01-28T04:53Z 998K followers, 10.3K engagements


"🐍 Malicious PyPI spellchecker packages shipped a Python RAT. The payload was hidden in a dictionary file, stayed dormant, then executed after an update. spellcheckpy v1.2.0 activated it, turning a simple import into remote access. 🔗 Read https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html"  
[X Link](https://x.com/TheHackersNews/status/2016451513103892874)  2026-01-28T10:01Z 1M followers, [----] engagements


"⚠ n8n disclosed two sandbox escape flaws that let authenticated users seize control of automation servers. One issue is rated CVSS [---] and enables full RCE. Risk is higher in internal execution mode, which n8n already advises against. 🔗 Details https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html"  
[X Link](https://x.com/TheHackersNews/status/2016492682294841524)  2026-01-28T12:44Z 995.5K followers, 10.9K engagements


"🚨 A critical flaw in the vm2 Node.js library lets attackers escape the sandbox and run code on the host system. Tracked as CVE-2026-22709 (CVSS 9.8), the issue stems from improper Promise handler sanitization. 🔗 How the flaw works https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html"  
[X Link](https://x.com/TheHackersNews/status/2016513566954918354)  2026-01-28T14:07Z 1M followers, [----] engagements


"🚨 Fake VS Code extension abused #Moltbot's name to deliver remote access malware. It posed as an AI assistant despite Moltbot having no official VS Code plugin. Once installed, it auto-ran on IDE launch and dropped ScreenConnect for persistent remote control. 🔗 Read https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html"  
[X Link](https://x.com/TheHackersNews/status/2016569015926493467)  2026-01-28T17:48Z 997.9K followers, 17K engagements


"🚨 Fake ChatGPT Chrome add-on stole 459+ API keys: Keys sent to Telegram after logout or chat delete. Hidden Google access raised the real stakes. https://thehackernews.com/2026/01/weekly-recap-firewall-flaws-ai-built.html#:~:text=Malicious%20Chrome%20Extensions%20Steal%20OpenAI%20API%20Keys%20and%20User%20Prompts"  
[X Link](https://x.com/TheHackersNews/status/2016824506661425293)  2026-01-29T10:43Z 992.1K followers, 22.4K engagements


"⚠ Researchers map 175K publicly exposed Ollama LLM servers worldwide. Tool-calling turns exposed AI into a highest-severity execution risk. Full details: https://thehackernews.com/2026/01/researchers-find-175000-publicly.html"  
[X Link](https://x.com/TheHackersNews/status/2016944276861755808)  2026-01-29T18:39Z 997.1K followers, 10.1K engagements


"πŸ” WARNING: Ivanti fixes exploited EPMM zero-days with CVSS [---] severity. Exploits enable code execution persistence and access to sensitive device data. Federal agencies face KEV deadlines; temporary patches dont persist across upgrades. Read https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html"  
[X Link](https://x.com/TheHackersNews/status/2017097266616844424)  2026-01-30T04:47Z 997.8K followers, 53.6K engagements


"⚠ SmarterMail fixed a critical unauthenticated RCE in its email server software. The flaw CVE-2026-24423 (CVSS 9.3) lets attackers execute OS commands via a crafted remote server. It affects builds before [----]. 🔗 Fixed builds and attack mechanics https://thehackernews.com/2026/01/smartermail-fixes-critical.html"  
[X Link](https://x.com/TheHackersNews/status/2017133665302798502)  2026-01-30T07:11Z 995.6K followers, [----] engagements


"The FBI has seized the RAMP cybercrime forum, shutting down its Tor site and clearnet domain with DOJ coordination. Threat actors are already migrating to other platforms, underscoring how fast the underground re-forms after takedowns. 🔗 Read https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#major-cybercrime-forum-takedown"  
[X Link](https://x.com/TheHackersNews/status/2017167395660694006)  2026-01-30T09:25Z 993.3K followers, [----] engagements


"Chrome extensions are being abused at scale. Researchers uncovered tools that hijack affiliate links, scrape shopping data, steal ChatGPT login tokens and even deliver phishing pages - while passing official store reviews. 🔗 Learn more about the affiliate fraud, AI token theft and the browser as attack surface https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html"  
[X Link](https://x.com/TheHackersNews/status/2017233141791125605)  2026-01-30T13:47Z 1M followers, 20.7K engagements


"A suspected Iran-aligned campaign targets NGOs and individuals documenting human rights abuses. HarfangLab tracks the activity as RedKitten, using Excel files themed around deceased protesters to deliver malware. The tooling relies on GitHub, Google Drive and Telegram for configuration and control, with indicators suggesting parts of the code may be LLM-assisted. 🔗 Read https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html"  
[X Link](https://x.com/TheHackersNews/status/2017569442901930123)  2026-01-31T12:03Z 995.8K followers, 11.1K engagements


"📱 Apple is testing a new iOS setting that reduces how precisely cellular networks can locate your device. Limit Precise Location restricts location data to a broad area instead of an exact address. 🔗 Learn how the setting works and where it's available https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#cellular-location-precision-reduced"  
[X Link](https://x.com/TheHackersNews/status/2017830893642256520)  2026-02-01T05:22Z 995.4K followers, 24.3K engagements


"⚠ WARNING: A supply chain attack spread malware via trusted VS Code extensions on Open VSX. Attackers hijacked a real developer account and pushed GlassWorm through four existing tools. 22,000+ installs happened before removal. 🔗 Read https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html"  
[X Link](https://x.com/TheHackersNews/status/2018189816903692463)  2026-02-02T05:08Z 998.1K followers, 46.8K engagements


"What if the hardest vulnerability to patch is self-doubt? ICS environments are unforgiving. Responders can't afford hesitation - but they also can't ignore it. In ICS410, Justin Searle helps practitioners move from doubt to decisive action grounded in technical precision and OT situational awareness. Register for ICS410 at SANS Surge [----] (Feb 23-28) and train live with Justin: #SCADA #ICS410 #OTincidentresponse #SANSLiveTraining https://thn.news/sans-surge-26"  
[X Link](https://x.com/TheHackersNews/status/2018309877639295434)  2026-02-02T13:05Z 998.2K followers, 11.3K engagements


"⚡ Microsoft will phase out NTLM in Windows through a three-step plan. Deprecated in June [----], NTLM remains widely used despite known security flaws. NTLM will be disabled by default in a future Windows release, with Kerberos becoming the standard. 🔗 details https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html"  
[X Link](https://x.com/TheHackersNews/status/2018355361364000909)  2026-02-02T16:06Z 1M followers, 14.2K engagements


"🔥 A high-severity RCE flaw in OpenClaw lets attackers take over the local agent with a single click. A crafted link can steal a gateway token via unvalidated WebSocket origins, enabling full command execution even on localhost-only setups through the user's browser. 🔗 Details and attack chain https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html"  
[X Link](https://x.com/TheHackersNews/status/2018362651102085353)  2026-02-02T16:35Z 1M followers, 29.9K engagements


"🚨 China-linked Lotus Blossom compromised Notepad++ hosting infrastructure to hijack update traffic and deliver the Chrysalis backdoor, Rapid7 reports. The issue affected older versions and was fixed with version 8.8.9 in December [----]. 🔗 Read https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html"  
[X Link](https://x.com/TheHackersNews/status/2018551195179335731)  2026-02-03T05:04Z 997.9K followers, 55.7K engagements


"🕸 Exposed C2 server showed a complete BYOB botnet in the open 🧠 Droppers, loaders and RATs for Windows, Linux and macOS were publicly accessible, revealing a multi-stage chain for evasion, persistence and control. Crypto miners were also hosted. 🔗 Read https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html#:~:text=Exposed%20C2%20Server%20Reveals%20BYOB%20Infrastructure"  
[X Link](https://x.com/TheHackersNews/status/2018586411239371217)  2026-02-03T07:24Z 1M followers, [----] engagements


"πŸ” Major cloud outages didnt just break appsthey broke access. When shared cloud services fail identity systems fail too even if the IdP is running. Authentication depends on databases DNS and control planes. πŸ”— How cloud outages cascade into identity failures https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html"  
[X Link](https://x.com/TheHackersNews/status/2018649704582553617)  2026-02-03T11:36Z 996.5K followers, [----] engagements


"⚠ A critical flaw in Docker's Ask Gordon AI let container metadata execute real commands. A single malicious Docker LABEL could pass through the MCP gateway and run tools with user privileges. Fixed in version 4.50.0. 🔗 DockerDash details https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html"  
[X Link](https://x.com/TheHackersNews/status/2018727226968363333)  2026-02-03T16:44Z 995.4K followers, [----] engagements


"🚨We tested [--] leading GenAI models for security vulnerabilities. All [--] failed. Attack success rates ranged from 1.13% to 64.13%. Every model demonstrated exploitable flaws that could turn AI systems into attack vectors. Key findings: - [--] frontier models tested - Hundreds of vulnerabilities found - 100% failure rate - Up to 64% attack success As GenAI transforms industries these results reveal a critical safety & security gap. Traditional security methods can't address the probabilistic nature of AI systems. Our report includes: ✅ Security profiles of all [--] models ✅ Analysis of the AI"  
[X Link](https://x.com/TheHackersNews/status/2019039164096983472)  2026-02-04T13:23Z 1M followers, [----] engagements


"⚠ Attackers are hijacking live web traffic by weaponizing NGINX configs linked to React2Shell exploitation. Rogue proxy rules silently reroute user sessions through attacker infrastructure - impacting gov, 🎓 edu and Asian 🌏 TLD sites. 🔗 Details https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html"  
[X Link](https://x.com/TheHackersNews/status/2019274400747647131)  2026-02-05T04:58Z 1M followers, [----] engagements


"Passwords are sliding into legacy status. Passkeys, AI governance and verifiable credentials are scaling as identity shifts to real-time trust, per Rex Booth, SailPoint. [--] predictions reshaping identity security https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html"  
[X Link](https://x.com/TheHackersNews/status/2019319850531975278)  2026-02-05T07:59Z 1M followers, [----] engagements


"📦⚠ Is your container adoption outpacing your security maturity? You're not alone. @ActiveState's [----] State of Vulnerability Management & Remediation Report found 82% of DevSecOps leaders experienced a container-related breach last year and 87% expect one in [----]. Learn how to close the remediation gap and the role AI will play in securing your stack by [----]. 📥 Download the report https://thn.news/container-sec-guide"  
[X Link](https://x.com/TheHackersNews/status/2019392282466935019)  2026-02-05T12:46Z 1M followers, [----] engagements


"🚨 ThreatsDay Bulletin is live. Watch out for dozens of critical signals showing where attacks are heading next. Codespaces RCE, AI cloud intrusion, AsyncRAT C2, BYOVD abuse... and 15+ more stories. All updates in one place https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html"  
[X Link](https://x.com/TheHackersNews/status/2019396866639847772)  2026-02-05T13:05Z 1M followers, 58.1K engagements


"💻 Access & Persistence Sandbox escape RMM deployment SCR malware Credential theft Voicemail lure access SimpleHelp remote control Supply-chain config abuse Public bucket creds"  
[X Link](https://x.com/TheHackersNews/status/2019396869785616403)  2026-02-05T13:05Z 997.2K followers, [----] engagements


"🌐 Infra & Ops SystemBC botnet DDoSia ops Crypto drainers ClickFix framework ErrTraffic TDS Botnet proxy layers Infra key reuse VPS hosting clusters"  
[X Link](https://x.com/TheHackersNews/status/2019396872771883095)  2026-02-05T13:05Z 1M followers, [----] engagements


"🛰 Threat Actors & Campaigns Lazarus Nordics Typhoon overlap APT36 startups ShadowSyndicate infra Ransomware CVE surge Crimson RAT lures Crypto scam affiliates Strategic DDoS arrests Entire bulletin here https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html"  
[X Link](https://x.com/TheHackersNews/status/2019396875884150828)  2026-02-05T13:05Z 1M followers, [----] engagements


"AI is foundational for security teams but operational relief still feels out of reach. Tines just launched Voice of Security [----] based on insights from 1800+ security leaders and practitioners. The data shows why workloads remain high and what it takes to unlock real AI impact 👇 https://thn.news/security-insights-24-x"  
[X Link](https://x.com/TheHackersNews/status/2019411355040903509)  2026-02-05T14:02Z 1M followers, [----] engagements


"Turn intel into action with a 6-stage Threat-Informed Defense pipeline. Map adversary TTPs, simulate attacks, validate controls and prioritize fixes that reduce real risk. 🔗 Download Guide (Framework steps + tooling) https://www.linkedin.com/pulse/turn-intel-action-guide-threatinformed-defense-thehackernews-hru3c/"  
[X Link](https://x.com/TheHackersNews/status/2019721890265522535)  2026-02-06T10:36Z 1M followers, [----] engagements


"πŸ”πŸ“±πŸ”Ž Enterprise security wasnt designed for mobile behavior. Devices move between corporate and public networks while handling sensitive data. Knox Firewall enforces per-app network controls restricting traffic by IP/domain with detailed access logs for investigations. πŸ”— App rules traffic visibility logging depth https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html"  
[X Link](https://x.com/TheHackersNews/status/2019735324075913444)  2026-02-06T11:30Z 1M followers, [----] engagements


"Cisco Talos exposed DKnife, a China-linked AitM framework active since [----] on compromised routers and edge devices. It monitors traffic, steals credentials and hijacks app/software updates to deploy ShadowPad and DarkNimbus on PCs and phones. 🔗 Modules and infection chain https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html"  
[X Link](https://x.com/TheHackersNews/status/2019787476748181656)  2026-02-06T14:57Z 1M followers, [----] engagements


"To celebrate the ultimate partnership this Valentine's Day, @OrchidSecurity is sharing our "Security Sweetheart" candies. These aren't your typical grocery store hearts - they are designed for the unique bond between the IAM + CISO. The Security Sweetheart Collection 🍬 Which one would you send to your security "other half"? SSO [--] EVA: Because true love means only having to log in once. AUDIT ME: Total transparency is the foundation of any healthy relationship. NO SILOS: Breaking down walls is our love language. ZERO TRUST: It sounds harsh, but in security it's the ultimate form of devotion. MFA ME:"  
[X Link](https://x.com/TheHackersNews/status/2020823062380486678)  2026-02-09T11:32Z 1M followers, [----] engagements


"Over [--] Software Vendors Issue Security Fixes Across OS Cloud and Network Platforms Patch Tuesday delivers fixes for [--] Microsoft flaws six exploited zero-days plus critical SAP and Intel TDX vulnerabilities"  
[X Link](https://thehackernews.com/2026/02/over-60-software-vendors-issue-security.html)  2026-02-11T13:31Z 1M followers, [----] engagements


"83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure 83% of Ivanti EPMM exploits traced to one IP as automated scans target governments and enterprises"  
[X Link](https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html)  2026-02-12T07:36Z 1M followers, 12.6K engagements


"⚠ Reynolds ransomware embeds its own BYOVD evasion, bundling a vulnerable driver to disable EDR before encryption. It drops the NSecKrnl driver (CVE-2025-68947) to kill security tools, reducing detection and affiliate effort. 🔗 Read full attack chain and defense insights https://thehackernews.com/2026/02/reynolds-ransomware-embeds-byovd-driver.html"  
[X Link](https://x.com/TheHackersNews/status/2021233237570236835)  2026-02-10T14:42Z 1M followers, 54.7K engagements


"On February [--] at 9:00 AM PT @Semgrep is hosting its first-ever virtual keynote - Semgrep Secure 2026: Code Security Rebuilt for the AI Era. AI is now writing more code than humans and most of it is never reviewed line by line. That reality breaks the assumptions behind traditional AppSec tools, which were built for a world where every line of code was human-authored and inspected. This isn't AI added to security. It's security rebuilt for how code is actually created today. Register now and join us live: https://thn.news/semgrep-secure-2026"  
[X Link](https://x.com/TheHackersNews/status/2021548212465836230)  2026-02-11T11:33Z 1M followers, [----] engagements


"🤖 One bulletproof-hosted IP drove [---] of [---] Ivanti EPMM exploit attempts. Activity targeted CVSS [---] RCE flaws, rotating 300+ user agents while scanning other enterprise platforms in parallel. Signals automated initial-access reconnaissance. 🔗 Read https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html"  
[X Link](https://x.com/TheHackersNews/status/2021850867188859296)  2026-02-12T07:36Z 1M followers, 12.2K engagements


"npm killed long-lived tokens after the Sha1-Hulud attack, shifting to short-lived sessions and MFA by default. Security improved, but MFA phishing and optional publish protections still leave gaps. Console access can still mean package compromise. 🔗 Where the new model still fails https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html"  
[X Link](https://x.com/TheHackersNews/status/2022261052050903436)  2026-02-13T10:46Z 1M followers, [----] engagements


"9 Identity Security Predictions for [----] Nine identity security predictions for [----] covering AI governance passwordless access decentralized identity IoT and post-quantum cryptography"  
[X Link](https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html)  2026-02-05T07:59Z 1M followers, 16.7K engagements


"ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories This week's cybersecurity roundup covering emerging attacks, malware trends, infrastructure abuse and evolving intrusion activity"  
[X Link](https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html)  2026-02-12T11:52Z 1M followers, 64.6K engagements


"Five attacks. Five lessons. One goal: resilience. From Boeing to Ascension, cybersecurity experts from Halcyon examined #ransomware incidents that reshaped cyber strategy - and the takeaways defenders can apply today. Curious which decisions changed the outcome? Swipe to see the high-level hits. Don't wait for an incident to learn from one. Download the full guide: https://thn.news/attacks-changed-everything"  
[X Link](https://x.com/TheHackersNews/status/2021585020855488719)  2026-02-11T14:00Z 1M followers, [----] engagements


"πŸ€–πŸ” Identity security is shifting from static controls to AI-run decisions. As outlined by SailPoint CISO Rex Booth AI-driven identity governance will automate access in real time replacing manual reviews and standing privileges. Passkeys and decentralized IDs will further reshape authentication. πŸ”— [--] forecasts shaping access trust and risk https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html"  
[X Link](https://x.com/TheHackersNews/status/2021664511363887115)  2026-02-11T19:15Z 1M followers, [----] engagements


"A new enterprise study shows only 16% of orgs run Continuous Threat Exposure Management (CTEM). Those that do see 50% better attack surface visibility and stronger tooling adoption, creating a widening security gap as environments scale. 🔗 Peer benchmarks and risk data breakdown https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html"  
[X Link](https://x.com/TheHackersNews/status/2021941252506423557)  2026-02-12T13:35Z 1M followers, [----] engagements


"⚠ Security firms uncovered coordinated abuse of Chrome extensions across business, social and AI tools. From Meta ad accounts to Gmail inboxes, attackers used add-ons to scrape data, inject payloads and persist inside sessions. 🔗 Read https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html"  
[X Link](https://x.com/TheHackersNews/status/2022271300946035159)  2026-02-13T11:27Z 1M followers, [----] engagements


"CISA orders federal agencies to remove unsupported edge devices within [----] months. Unpatched firewalls, routers, IoT and perimeter gear are now flagged as prime entry points - actively exploited by state-backed actors for network access. 🔗 Directive scope, deadlines, device list https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html"  
[X Link](https://x.com/TheHackersNews/status/2019769186755727757)  2026-02-06T13:44Z 1M followers, [----] engagements


"China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign UNC3886 targeted Singapore's telecom operators via zero-day exploits, rootkits and VMware systems; no customer data breach confirmed"  
[X Link](https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html)  2026-02-09T17:02Z 1M followers, 12.1K engagements


"ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security ZAST.AI raised $6M after uncovering hundreds of zero-days and [---] CVEs using AI-generated PoC validation"  
[X Link](https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html)  2026-02-10T12:31Z 1M followers, [----] engagements


"Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0-1.120.4 affected, patched in newer releases"  
[X Link](https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html)  2025-12-23T07:37Z 1M followers, 324.7K engagements


"Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group Rapid7 links China-linked Lotus Blossom to a [----] Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates fixed in v8.8.9"  
[X Link](https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html)  2026-02-03T04:58Z 1M followers, 140.8K engagements


"TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure Worm-driven TeamPCP campaign exploits Docker Kubernetes Redis Ray and React2Shell to build proxy infrastructure for data theft and ransomware"  
[X Link](https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html)  2026-02-09T08:39Z 1M followers, 46.9K engagements


"Asian State-Backed Group TGR-STA-1030 Breaches [--] Government Infrastructure Entities Asian state-linked hackers breached [--] entities used phishing N-day exploits and rootkits for global espionage"  
[X Link](https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html)  2026-02-06T12:08Z 1M followers, 17.5K engagements


"Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack"  
[X Link](https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html)  2026-02-06T08:43Z 1M followers, 23.4K engagements


"⚠ ALERT A critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform. CVE-2025-68613 lets authenticated users execute arbitrary code, enabling full instance takeover, data access and system-level actions. More than 103k exposed instances are observed globally. 🔗 Details https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html"  
[X Link](https://x.com/TheHackersNews/status/2003369435198030215)  2025-12-23T07:37Z 1M followers, 300.1K engagements


"Kaspersky uncovered three separate infection chains in the Notepad++ supply-chain breach. Attackers rotated C2s, payloads and installers for four months, targeting government, finance and IT entities across multiple regions. Activity stopped in Nov [----]. 🔗 Read update here https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html#kaspersky-observes-3-infection-chains"  
[X Link](https://x.com/TheHackersNews/status/2019677440508035363)  2026-02-06T07:40Z 1M followers, 84.1K engagements


"State-linked hackers breached 70+ government & critical infrastructure networks across [--] countries, Unit [--] reports. Targets include law enforcement, finance ministries and border control. Initial access via phishing loaders with payloads staged on GitHub. 🔗 Intrusion chain, malware design, targeting scope https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html"  
[X Link](https://x.com/TheHackersNews/status/2019744942999142467)  2026-02-06T12:08Z 1M followers, 17.2K engagements


"🧑‍💻💻 North Korean operatives are using real LinkedIn accounts to land remote IT jobs in Western firms. With impersonated profiles and verified emails, DPRK actors secure roles to fund weapons programs and conduct espionage - some gain admin access, steal data and maintain persistence. Read the full investigation https://thehackernews.com/2026/02/dprk-operatives-impersonate.html"  
[X Link](https://x.com/TheHackersNews/status/2021279737830846952)  2026-02-10T17:46Z 1M followers, 11.9K engagements


"Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware"  
[X Link](https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html)  2026-02-03T14:07Z 1M followers, 13.9K engagements


"China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines Researchers found Chinese-linked attackers abused SonicWall VPN access and VMware ESXi zero-day flaws to escape VMs and gain hypervisor control"  
[X Link](https://thehackernews.com/2026/01/chinese-linked-hackers-exploit-vmware.html)  2026-01-09T17:44Z 1M followers, 15.4K engagements


"Webinar The Smarter SOC Blueprint: Learn What to Build Buy and Automate Live webinar explains how modern SOCs decide what to build buy or automate to reduce tool sprawl and improve outcomes"  
[X Link](https://thehackernews.com/2026/02/webinar-smarter-soc-blueprint-learn.html)  2026-02-03T14:56Z 1M followers, 11.2K engagements


"Apple Patches CVE-2025-43300 Zero-Day in iOS iPadOS and macOS Exploited in Targeted Attacks Apple patches CVE-2025-43300 zero-day in iOS iPadOS and macOS after active exploitation reports"  
[X Link](https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html)  2025-08-21T04:48Z 1M followers, 375.5K engagements


"SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS [---] Score SmarterTools fixed critical SmarterMail flaws including CVSS [---] unauthenticated RCE and NTLM relay bugs urging users to update immediately"  
[X Link](https://thehackernews.com/2026/01/smartermail-fixes-critical.html)  2026-01-30T07:11Z 1M followers, 15.8K engagements


"Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers Python infostealers are spreading from Windows to macOS via Google Ads ClickFix lures and fake installers to steal credentials and financial data"  
[X Link](https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html)  2026-02-04T07:44Z 1M followers, [----] engagements


"A Cybercrime Merger Like No Other — Scattered Spider LAPSUS$ and ShinyHunters Join Forces Scattered Spider LAPSUS$ and ShinyHunters unite as Scattered LAPSUS$ Hunters reshaping cybercrime with Telegram extortion"  
[X Link](https://thehackernews.com/2025/11/a-cybercrime-merger-like-no-other.html)  2025-11-04T17:25Z 1M followers, 101.5K engagements


"Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access A 9.8-severity flaw (CVE-2026-24061) in GNU InetUtils telnetd allows remote authentication bypass and root access in versions 1.9.3 to 2.7"  
[X Link](https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html)  2026-01-22T16:32Z 1M followers, 53.1K engagements


"CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog CISA adds an actively exploited SolarWinds Web Help Desk RCE flaw to KEV ordering federal agencies to patch by February 2026"  
[X Link](https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html)  2026-02-04T05:57Z 1M followers, [----] engagements


"New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems Critical OpenSSH vulnerability allows remote code execution on Linux systems. Patch now to protect against potential attacks on millions of exposed se"  
[X Link](https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html)  2024-07-02T05:32Z 1M followers, [----] engagements


"GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs GlassWorm malware returns in VS Code extensions hiding via Unicode and reviving itself through blockchain"  
[X Link](https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html)  2025-11-10T08:53Z 1M followers, 107.2K engagements


"Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files activating malware on import in version 1.2.0"  
[X Link](https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html)  2026-01-28T10:01Z 1M followers, [----] engagements


"ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts Second-order prompt injection exploits ServiceNow agent discovery enabling unauthorized actions unless configurations and monitoring are tightened"  
[X Link](https://thehackernews.com/2025/11/servicenow-ai-agents-can-be-tricked.html)  2025-12-21T13:30Z 1M followers, 16.8K engagements


"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code VVS Stealer is a Python-based malware sold on Telegram that steals Discord tokens browser data and credentials using heavy code obfuscation"  
[X Link](https://thehackernews.com/2026/01/new-vvs-stealer-malware-targets-discord.html)  2026-01-05T17:23Z 1M followers, [----] engagements


"DeepSeek AI Database Exposed: Over [--] Million Log Lines Secret Keys Leaked DeepSeek AI exposed a database containing secret keys chat logs and backend data allowing full system access"  
[X Link](https://thehackernews.com/2025/01/deepseek-ai-database-exposed-over-1.html)  2025-01-30T10:09Z 1M followers, 27.9K engagements


"Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox Mozilla will release Firefox [---] with a new settings toggle that lets users completely turn off all current and future generative AI features"  
[X Link](https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html)  2026-02-03T05:42Z 1M followers, [----] engagements


"Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 Google confirms nation-state and cybercrime groups exploit a patched WinRAR flaw to gain persistence and deploy malware via Windows Startup folders"  
[X Link](https://thehackernews.com/2026/01/google-warns-of-active-exploitation-of.html)  2026-01-28T09:48Z 1M followers, [----] engagements


"Researchers Null-Route Over [---] Kimwolf and Aisuru Botnet Command Servers The Kimwolf botnet compromised more than [--] million Android devices turning them into residential proxies for DDoS attacks and traffic abuse"  
[X Link](https://thehackernews.com/2026/01/kimwolf-botnet-infected-over-2-million.html)  2026-01-14T19:12Z 1M followers, [----] engagements


"New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector ESET links Russia-backed Sandworm to a failed December [----] cyberattack using DynoWiper malware against Poland's power and renewable energy systems"  
[X Link](https://thehackernews.com/2026/01/new-dynowiper-malware-used-in-attempted.html)  2026-01-24T08:24Z 1M followers, 18.4K engagements


"Researchers Find [---] Malicious ClawHub Skills Stealing Data from OpenClaw Users A security audit found [---] malicious ClawHub skills abusing OpenClaw to spread Atomic Stealer and steal credentials on macOS and Windows"  
[X Link](https://thehackernews.com/2026/02/researchers-find-341-malicious-clawhub.html)  2026-02-02T17:52Z 1M followers, 24.5K engagements


"Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers North Korean group Konni uses AI-assisted PowerShell malware and phishing via Google ads and Discord to breach blockchain development environments"  
[X Link](https://thehackernews.com/2026/01/konni-hackers-deploy-ai-generated.html)  2026-01-26T08:56Z 1M followers, 62.5K engagements


"CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms Poland linked December [----] cyber attacks on energy and manufacturing sites to Static Tundra involving DynoWiper and FortiGate exploits"  
[X Link](https://thehackernews.com/2026/01/poland-attributes-december-cyber.html)  2026-01-31T07:11Z 1M followers, 23K engagements


"40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials Over [--] npm packages trojanized to steal GitHub and cloud credentials via bundle.js malware"  
[X Link](https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html)  2025-09-16T05:02Z 1M followers, 280.5K engagements


"Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44 Wiz found a critical Base44 flaw letting attackers access private apps via public app_id. Fixed by Wix"  
[X Link](https://thehackernews.com/2025/07/wiz-uncovers-critical-access-bypass.html)  2025-07-29T15:39Z 1M followers, 12.5K engagements


"China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns China-linked Amaranth-Dragon and Mustang Panda target Southeast Asian governments using WinRAR exploit and PlugX phishing lures"  
[X Link](https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html)  2026-02-04T14:13Z 1M followers, 10.6K engagements


"Exposed Training Open the Door for Crypto-Mining in Fortune [---] Cloud Environments Exposed training apps in cloud environments enable exploitation lateral movement and crypto-mining activity across enterprise infrastructure"  
[X Link](https://thehackernews.com/2026/02/exposed-training-open-door-for-crypto.html)  2026-02-11T11:37Z 1M followers, [---] engagements


"DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files DEAD#VAX campaign delivers AsyncRAT via IPFS-hosted VHD phishing files using fileless memory injection and obfuscated scripts to evade detection"  
[X Link](https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html)  2026-02-04T17:27Z 1M followers, 10.9K engagements


"Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control A critical CVSS [----] vulnerability in n8n allows unauthenticated attackers to read files bypass authentication and gain full server control"  
[X Link](https://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.html)  2026-01-07T13:53Z 1M followers, 63.4K engagements


"How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring Sandbox-first investigations and automated triage cut MTTR reduce burnout and triple SOC output without extra hiring"  
[X Link](https://thehackernews.com/2026/02/how-top-cisos-solve-burnout-and-speed.html)  2026-02-09T12:29Z 1M followers, [----] engagements


"The First [--] Seconds: How Early Decisions Shape Incident Response Investigations Early incident response decisions - evidence preservation execution analysis and logging visibility - determine investigation success"  
[X Link](https://thehackernews.com/2026/02/the-first-90-seconds-how-early.html)  2026-02-04T12:00Z 1M followers, [--] engagements


"Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data Ivanti EPMM zero-day flaws enabled cyberattacks on Dutch EU and Finnish government systems exposing employee contact and device data"  
[X Link](https://thehackernews.com/2026/02/dutch-authorities-confirm-ivanti-zero.html)  2026-02-10T08:26Z 1M followers, 10.1K engagements


"Who Approved This Agent Rethinking Access Accountability and Risk in the Age of AI Agents AI agents break traditional IAM by enabling delegated access authorization bypass and high-risk ownerless organizational automation"  
[X Link](https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html)  2026-01-24T09:00Z 1M followers, 11.5K engagements


"🛑 A WinRAR bug fixed in July [----] is still being exploited. Researchers at Google tie CVE-2025-8088 to Russia- and China-linked actors plus cybercrime groups deploying RATs and stealers showing how quickly n-days get reused. 🔗 Read https://thehackernews.com/2026/01/google-warns-of-active-exploitation-of.html"  
[X Link](https://x.com/TheHackersNews/status/2016448230410842220)  2026-01-28T09:48Z 1M followers, [----] engagements


"⚠ Poland confirms coordinated cyber attacks on 30+ renewable energy sites and a major CHP plant. CERT Polska says the campaign was destructive using wiper malware but failed to disrupt power or heat supply. Access came via vulnerable Fortinet devices. 🔗 Read https://thehackernews.com/2026/01/poland-attributes-december-cyber.html"  
[X Link](https://x.com/TheHackersNews/status/2017495986822910095)  2026-01-31T07:11Z 1M followers, 20.8K engagements


"⚡🤖 Researchers find [---] malicious ClawHub skills targeting OpenClaw users via fake install steps. The skills deploy Atomic Stealer on macOS and keylogging malware on Windows abusing OpenClaw's open marketplace model. 🔗 Read https://thehackernews.com/2026/02/researchers-find-341-malicious-clawhub.html"  
[X Link](https://x.com/TheHackersNews/status/2018382130636829066)  2026-02-02T17:52Z 1M followers, 23.9K engagements


"🤖 Mozilla will add 1-click Firefox setting to fully disable generative AI features. With Firefox [---] users can block all current and future AI features or manage them individually keeping AI strictly opt-in as browsers add more automation. 🔗 Read https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html"  
[X Link](https://x.com/TheHackersNews/status/2018560743428489712)  2026-02-03T05:42Z 1M followers, [----] engagements


"🚨 Researchers detect active exploitation of a critical React Native CLI flaw. CVE-2025-11953 allows unauthenticated OS command execution on exposed Metro dev servers with attacks deploying PowerShell and a Rust payload. 🔗 Read https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html"  
[X Link](https://x.com/TheHackersNews/status/2018687689495613775)  2026-02-03T14:07Z 1M followers, 12.2K engagements


"📢 WEBINAR ALERT Adding tools hasn't made SOCs calmer or faster. It's mostly added noise. In this session two SOC operators walk through practical build vs buy decisions real models and a customer case study you can reuse. 🔗 Join to Watch: https://thehackernews.com/2026/02/webinar-smarter-soc-blueprint-learn.html"  
[X Link](https://x.com/TheHackersNews/status/2018700008669778076)  2026-02-03T14:56Z 1M followers, 10.8K engagements


"🚨 SolarWinds Web Help Desk flaw added to CISA KEV CVE-2025-40551 (CVSS 9.8): unauthenticated RCE via deserialization Fixed in WHD v2026.1 Federal agencies must patch by February [--] 🔗 Read https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html"  
[X Link](https://x.com/TheHackersNews/status/2018926862546927867)  2026-02-04T05:57Z 1M followers, [----] engagements


"🛑 Microsoft warns infostealers are expanding from Windows to macOS. Since late [----] malvertising (Google Ads) and ClickFix lures have delivered fake DMG installers. Python-based stealers abuse native macOS tools + AppleScript to extract creds cookies and iCloud Keychain data. 🔗 Attack chain and theft capabilities https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html"  
[X Link](https://x.com/TheHackersNews/status/2018953829124088119)  2026-02-04T07:44Z 1M followers, [----] engagements


"China-linked Amaranth-Dragon targeted Southeast Asian government and law enforcement networks in [----] with links to the APT41 ecosystem. Campaigns leveraged political lures and the WinRAR CVE-2025-8088 RCE flaw using cloud delivery and geo-fenced infrastructure for stealth. 🔗 Read https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html"  
[X Link](https://x.com/TheHackersNews/status/2019051631783137774)  2026-02-04T14:13Z 1M followers, 10.4K engagements


"Threat actors are delivering AsyncRAT via IPFS-hosted VHD files in DEAD#VAX. Phishing emails mount fake PDF drives that run obfuscated scripts and in-memory shellcode inside trusted Windows processes - minimal disk trace. 🧠 Fileless 🛰 IPFS 🪟 Process injection 🔗 Read https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html"  
[X Link](https://x.com/TheHackersNews/status/2019100532158394509)  2026-02-04T17:27Z 1M followers, [----] engagements


"⚠ Critical RCE flaw in n8n (CVE-2026-25049 CVSS 9.4) lets authenticated users execute system commands via crafted workflow expressions. Public webhooks exposed remote trigger credential theft server takeover. 🔗 Exploit path affected versions patch details https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html"  
[X Link](https://x.com/TheHackersNews/status/2019295771615748217)  2026-02-05T06:23Z 1M followers, 12.9K engagements


"🌐⚠ AISURU/Kimwolf launched a record [----] Tbps HTTP DDoS attack mitigated by Cloudflare. Same botnet drove holiday flood campaigns as Q4 hyper-volumetric attacks surged. Runs on 2M+ infected Android devices via proxy networks. 🔗 Read https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html"  
[X Link](https://x.com/TheHackersNews/status/2019463173338804508)  2026-02-05T17:28Z 1M followers, 12.9K engagements


"🚨 UPDATE: CISA adds SmarterMail RCE (CVE-2026-24423) to KEV after confirming ransomware exploitation in the wild. Unauthenticated attackers can run commands via the ConnectToHub API. Federal agencies must patch by Feb [--]. 🔗 Full update https://thehackernews.com/2026/01/smartermail-fixes-critical.html#flaw-exploited-in-ransomware-attacks"  
[X Link](https://x.com/TheHackersNews/status/2019819376392667437)  2026-02-06T17:04Z 1M followers, [----] engagements


"🛑 Cloud worm malware campaign is systematically taking over cloud infrastructure. TeamPCP exploits exposed Docker Kubernetes Redis and React2Shell to mass-deploy proxies scanners crypto miners & ransomware across compromised clusters. 🔗 Read https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html"  
[X Link](https://x.com/TheHackersNews/status/2020779674419474919)  2026-02-09T08:39Z 1M followers, 46.6K engagements


"🧪⚡ SOC teams aren't failing on tools they're overloaded by triage. Constant validation loops are fueling burnout and SLA drift. CISOs are moving to sandbox-first workflows exposing live behavior early and reducing escalations MTTR and senior drag. 🔗 How evidence replaces guesswork https://thehackernews.com/2026/02/how-top-cisos-solve-burnout-and-speed.html"  
[X Link](https://x.com/TheHackersNews/status/2020865207468544197)  2026-02-09T14:19Z 1M followers, [----] engagements


"🚨 Ivanti EPMM Zero-Day Exploits Breach Dutch Regulators Linked to Wider EU Government Intrusions. Attackers exploited CVSS [---] unauthenticated RCE flaws to access employee work contact data. Related activity also impacted the European Commission and Finland's Valtori systems. 🔗 Details https://thehackernews.com/2026/02/dutch-authorities-confirm-ivanti-zero.html"  
[X Link](https://x.com/TheHackersNews/status/2021138595692822660)  2026-02-10T08:26Z 1M followers, 10K engagements


"GlassWorm Returns with [--] Malicious Extensions Impersonating Popular Developer Tools GlassWorm spreads again using [--] fake extensions across Visual Studio Marketplace and Open VSX hiding Rust implants & Solana-based C2 to target devs"  
[X Link](https://thehackernews.com/2025/12/glassworm-returns-with-24-malicious.html)  2025-12-02T15:03Z 1M followers, 75.9K engagements


"CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk CISA orders federal agencies to inventory upgrade and remove unsupported edge devices within [----] months to reduce cyber-espionage risk"  
[X Link](https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html)  2026-02-06T13:44Z 1M followers, [----] engagements


"Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack GlassWorm spread via [--] VS Code extensions; Solana + Google Calendar C2; stole credentials drained [--] wallets"  
[X Link](https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html)  2025-10-24T09:17Z 1M followers, 60.4K engagements


"Google to Shut Down Dark Web Monitoring Tool in February [----] Google will shut down its Dark Web Report in February [----] ending breach scans and deleting user data to refocus on actionable security tools"  
[X Link](https://thehackernews.com/2025/12/google-to-shut-down-dark-web-monitoring.html)  2025-12-16T06:06Z 1M followers, 14.3K engagements


"Google is shutting down its dark web monitoring tool less than two years after launch. Google admitted the tool surfaced breached data but didn't give people clear next steps. Alerts without action paths don't change outcomes. 🔗 Read here: https://thehackernews.com/2025/12/google-to-shut-down-dark-web-monitoring.html"  
[X Link](https://x.com/TheHackersNews/status/2000809791892123911)  2025-12-16T06:06Z 1M followers, 14.2K engagements


"⚠ Singapore's cyber agency says China-linked UNC3886 targeted all four national telecom operators. Attackers used a firewall zero-day and rootkits to access parts of critical systems. Espionage activity was contained. No service disruption or customer data theft found. 🔗 Read https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html"  
[X Link](https://x.com/TheHackersNews/status/2020906247520911394)  2026-02-09T17:02Z 1M followers, 11.7K engagements


"Google to Verify All Android Developers in [--] Countries to Block Malicious Apps Google will verify all Android developers by September [----] in select countries to curb malicious apps"  
[X Link](https://thehackernews.com/2025/08/google-to-verify-all-android-developers.html)  2025-08-26T06:29Z 1M followers, 7.1M engagements


"Apple Fixes Exploited Zero-Day Affecting iOS macOS and Apple Devices Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS macOS and Apple devices"  
[X Link](https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html)  2026-02-12T05:51Z 1M followers, 35.5K engagements


"Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS [---] Vulnerability Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple Microsoft SolarWinds and Notepad++ flaws to KEV list"  
[X Link](https://thehackernews.com/2026/02/researchers-observe-in-wild.html)  2026-02-13T08:44Z 1M followers, [----] engagements


"Microsoft Patches [--] Vulnerabilities Including Six Actively Exploited Zero-Days Microsoft patches [--] vulnerabilities including six actively exploited zero-days with CISA mandating urgent federal remediation"  
[X Link](https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html)  2026-02-11T10:28Z 1M followers, 13.1K engagements


"German Agencies Warn of Signal Phishing Targeting Politicians Military Journalists Germany's BSI and BfV warn of state-linked Signal phishing using fake support chats PIN theft and device linking to access sensitive accounts"  
[X Link](https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html)  2026-02-07T11:16Z 1M followers, 78.3K engagements


"ThreatsDay Bulletin: Codespaces RCE AsyncRAT C2 BYOVD Abuse AI Cloud Intrusions & 15+ Stories ThreatsDay Bulletin: Key cyber updates on ransomware cloud intrusions phishing botnets supply-chain risks and nation-state threat activity"  
[X Link](https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html)  2026-02-05T13:05Z 1M followers, 63K engagements


"OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in v2026.1.29"  
[X Link](https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html)  2026-02-02T16:35Z 1M followers, 77.1K engagements


"UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors Cisco Talos links UAT-9921 to VoidLink a modular Zig-based malware targeting Linux cloud systems with stealth plugins and C2 control"  
[X Link](https://thehackernews.com/2026/02/uat-9921-deploys-voidlink-malware-to.html)  2026-02-13T15:24Z 1M followers, [----] engagements


"Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs Suspected Russian actor deploys CANFAIL malware via phishing targeting Ukrainian defense energy and aid sectors using LLM-assisted lures"  
[X Link](https://thehackernews.com/2026/02/google-ties-suspected-russian-actor-to.html)  2026-02-13T17:29Z 1M followers, [----] engagements


"OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills OpenClaw integrates VirusTotal Code Insight scanning for ClawHub skills following reports of malicious plugins prompt injection & exposed instances"  
[X Link](https://thehackernews.com/2026/02/openclaw-integrates-virustotal-scanning.html)  2026-02-08T07:55Z 1M followers, [----] engagements


"Malicious Chrome Extensions Caught Stealing Business Data Emails and Browsing History"  
[X Link](https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html)  2026-02-13T11:27Z 1M followers, 30.7K engagements


"APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks APT28 exploited a Microsoft Office flaw to deliver MiniDoor and Covenant Grunt malware in targeted attacks across Ukraine and Eastern Europe"  
[X Link](https://thehackernews.com/2026/02/apt28-uses-microsoft-office-cve-2026.html)  2026-02-03T09:13Z 1M followers, 22.5K engagements


"Claude Opus [---] Finds 500+ High-Severity Flaws Across Major Open-Source Libraries Anthropic's Claude Opus [---] identified 500+ unknown high-severity flaws in open-source projects advancing AI-driven vulnerability detection"  
[X Link](https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html)  2026-02-06T05:52Z 1M followers, 128K engagements


"Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata Docker patched a critical Ask Gordon AI flaw enabling code execution and data theft via malicious image metadata in version 4.50.0"  
[X Link](https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html)  2026-02-03T16:44Z 1M followers, 10.5K engagements


"APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities Pakistan-aligned APT36 and SideCopy target Indian defense and government entities using phishing-delivered RAT malware across Windows and Linux system"  
[X Link](https://thehackernews.com/2026/02/apt36-and-sidecopy-launch-cross.html)  2026-02-11T14:54Z 1M followers, [----] engagements


Top accounts mentioned or mentioned by @jackgoesvirtual @intelligencer41 @securedotcom @ababino @kindnessuae @grok @huntresslabs @talossecurity @sanarsh11 @transcrypts_ @paliraj94187 @dcicybersecnews @bteater51 @reverseai @anantnetratech @zastai @activestates @orchidsecurity @semgrep @filigranhqs

Top assets mentioned Alphabet Inc Class A (GOOGL) Microsoft Corp. (MSFT) SolarWinds Corporation Common Stock (SWI) Zscaler Inc (ZS) Solana (SOL)

Top Social Posts

Top posts by engagements in the last [--] hours

"Security startup @zast_ai secured new backing to scale AI-driven vulnerability validation. Its research led to [---] CVE assignments after uncovering hundreds of zero-days. Affected targets included Azure SDK Apache Struts and Alibaba Nacos. 🔗 Funding research scope enterprise impact https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html"
X Link 2026-02-11T09:03Z 1M followers, [----] engagements

"Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent Quick Share flaw CVE-2024-10668 bypasses earlier fixes enabling DoS or unauthorized file delivery"
X Link 2025-04-03T08:21Z 1M followers, 24.1K engagements

"Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via SAML abuse"
X Link 2026-01-23T12:31Z 1M followers, 20.7K engagements

"Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS crypto and developer data"
X Link 2026-02-02T05:08Z 998.1K followers, 46.8K engagements

"Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited Security Updates Released Ivanti released fixes for two actively exploited EPMM zero-day RCE flaws including CVE-2026-1281 added to CISA's KEV affecting versions before 12.8"
X Link 2026-01-30T04:47Z 997.8K followers, 53.7K engagements

"SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass SolarWinds fixed six Web Help Desk vulnerabilities including four critical flaws that allow unauthenticated remote code execution"
X Link 2026-01-29T09:01Z 1M followers, 12.4K engagements

"Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk"
X Link 2026-02-04T07:12Z 993K followers, [--] engagements

"Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos Microsoft confirms a 3-phase strategy to deprecate NTLM improve auditing prioritize Kerberos and disable NTLM by default in future Windows releases"
X Link 2026-02-02T16:06Z 1M followers, 14.2K engagements

"Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP Critical Apache HugeGraph vulnerability exploited in the wild. Urgent update required to prevent remote code execution attacks. Patch now available"
X Link 2026-02-06T22:05Z 1M followers, [--] engagements

"Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations Arctic Wolf reports automated attacks on FortiGate devices abusing FortiCloud SSO flaws to change firewall settings and steal configurations"
X Link 2026-01-22T06:12Z 997.5K followers, 11.1K engagements

"⚡ Weekly Recap: Firewall Flaws AI-Built Malware Browser Traps Critical CVEs & More Weekly cybersecurity recap covering emerging threats fast-moving attacks critical flaws and key security developments you need to track this week"
X Link 2026-01-26T14:08Z 992.3K followers, 34.8K engagements

"CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog CISA added VMware vCenter vulnerability CVE-2024-37079 to its KEV list after confirmed in-the-wild exploitation urging organizations to apply patches"
X Link 2026-01-24T08:10Z 994.2K followers, 38.2K engagements

"China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since [----] Experts detail PeckBirdy a JavaScript C2 framework used since [----] by China-aligned attackers to spread malware via fake updates & web injections"
X Link 2026-01-27T09:04Z 995.7K followers, 16K engagements

"Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access Experts uncovered malicious Chrome extensions that replace affiliate links exfiltrate data and steal ChatGPT authentication tokens from users"
X Link 2026-01-30T13:47Z 1M followers, 22.9K engagements

"Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run arbitrary code"
X Link 2026-01-28T12:44Z 1M followers, 18.3K engagements

"Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions Cybercriminals exploit Grok to bypass X ad protections spreading malware via hidden links amplified to millions"
X Link 2025-08-16T05:35Z 1M followers, 38.4K engagements

"Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware giving attackers persistent remote access to developer syst"
X Link 2026-01-28T17:48Z 1M followers, 17.8K engagements

"Ex-Google Engineer Convicted for Stealing [----] AI Trade Secrets for China Startup A U.S. jury convicted a former Google engineer of stealing over [----] AI trade secret documents to benefit China-linked companies DOJ says"
X Link 2026-01-30T07:39Z 1M followers, 26.3K engagements

"When Cloud Outages Ripple Across the Internet Cloud outages expose identity systems as critical failure points turning infrastructure disruptions into major business continuity risks"
X Link 2026-02-03T11:36Z 996.5K followers, [----] engagements

"New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands Critical n8n flaw CVE-2025-68668 allows authenticated users to run system commands via workflows; affects versions 1.0.0 to before 2.0.0 fixed in 2.0"
X Link 2026-01-06T05:13Z 999.5K followers, 22.7K engagements

"eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware Attackers breached eScan antivirus update infrastructure to push malicious updates deploying persistent malware on enterprise and consumer systems"
X Link 2026-02-02T06:02Z 995.4K followers, [--] engagements

"Russian ELECTRUM Tied to December [----] Cyber Attack on Polish Power Grid Dragos attributes a December [----] Polish grid attack to ELECTRUM disrupting [--] DER sites without outages but damaging OT"
X Link 2026-01-28T16:16Z 993.2K followers, 10.1K engagements

"Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts Five fake Chrome extensions impersonate Workday and NetSuite to steal cookies block admin controls and hijack sessions for account takeover"
X Link 2026-01-16T14:11Z 994.5K followers, 13.2K engagements

"Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution A critical vm2 Node.js vulnerability (CVE-2026-22709 CVSS 9.8) allows sandbox escape via Promise handler bypass"
X Link 2026-01-28T14:07Z 1M followers, 11.9K engagements

"Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps Study of 100+ energy OT sites reveals unpatched devices flat networks and hidden assets with critical issues detected within minutes"
X Link 2026-01-29T15:58Z 1M followers, [----] engagements

"DarkSpectre Browser Extension Campaigns Exposed After Impacting [---] Million Users Worldwide A China-linked threat actor used malicious browser extensions over seven years to steal data and corporate intelligence from Chrome Edge and Firefox"
X Link 2025-12-31T16:19Z 1M followers, 17.7K engagements

"The Buyer’s Guide to AI Usage Control AI adoption is surging but enterprises lack visibility - AI Usage Control enables real-time governance of interactions and risks"
X Link 2026-02-05T11:49Z 996.5K followers, [--] engagements

"China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking Malware Delivery China-linked DKnife framework uses router-level AitM implants for traffic hijacking credential theft and malware delivery targeting edge devices"
X Link 2026-02-06T14:57Z 1M followers, [----] engagements

"Trend Micro Apex Central RCE Flaw Scores [---] CVSS in On-Prem Windows Versions Trend Micro patched a critical Apex Central on-prem Windows flaw (CVE-2025-69258) with CVSS [---] that allows remote code execution if access exists"
X Link 2026-01-09T10:01Z 1M followers, 14.7K engagements

"GootLoader Malware Uses [-------] Concatenated ZIP Archives to Evade Detection GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via Windows default extractor"
X Link 2026-01-16T18:04Z 993.1K followers, 13.9K engagements

"Matrix Push C2 Uses Browser Notifications for Fileless Cross-Platform Phishing Attacks Matrix Push C2 abuses browser notifications for fileless cross-platform phishing while Velociraptor misuse rises after a Windows Server flaw"
X Link 2025-11-22T07:10Z 998.7K followers, 149.3K engagements

"Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server Warlock ransomware breached SmarterTools via unpatched SmarterMail exploiting critical flaws to access Windows systems and deploy encryption payloads"
X Link 2026-02-10T11:30Z 1M followers, [--] engagements

"Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities Pakistan-linked hackers targeted Indian government entities using phishing Google services Golang malware and GitHub-based command-and-control"
X Link 2026-01-27T16:46Z 1M followers, 13.4K engagements

"⚡ Weekly Recap: AI Skill Malware 31Tbps DDoS Notepad++ Hack LLM Backdoors and More This week's cyber recap covers AI risks supply-chain attacks major breaches DDoS spikes and critical vulnerabilities security teams must track"
X Link 2026-02-09T13:55Z 1M followers, [--] engagements

"Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed private meeting data"
X Link 2026-01-19T17:22Z 993.5K followers, 113.4K engagements

"Two Firms That Plotted Against WikiLeaks Finally Apologize"
X Link 2026-02-05T19:25Z 997.2K followers, [--] engagements

"Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected Fortinet released updates for an actively exploited FortiOS SSO authentication bypass flaw CVE-2026-24858 now listed by CISA in KEV"
X Link 2026-01-28T04:53Z 1M followers, 16K engagements

"Rogue NuGet Package Poses as Tracer.Fody Steals Cryptocurrency Wallet Data A fake NuGet package mimicking Tracer.Fody stayed online for years stealing Stratis wallet files and passwords from Windows systems"
X Link 2025-12-16T15:43Z 1M followers, 10.8K engagements

"Researchers Find [------] Publicly Exposed Ollama AI Servers Across [---] Countries Over [------] publicly exposed Ollama AI servers across [---] countries with many enabling tool calling that allows code execution and LLMjacking abuse"
X Link 2026-01-29T18:39Z 1M followers, 15.6K engagements

"Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi Zero-click AirPlay vulnerabilities exposed in March [----] could let malware spread across networks undetected"
X Link 2025-05-05T17:07Z 1M followers, 38.2K engagements

"GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware GeoServer vulnerability exploited to deliver malware botnets and backdoors affecting global IT government and telecom sectors"
X Link 2024-09-06T15:16Z 991.9K followers, [----] engagements

"Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions Google releases critical Chrome update patching zero-day CVE-2025-10585 discovered Sept [--] to block active V8 JavaScript engine exploits worldwide"
X Link 2025-09-18T05:51Z 999.5K followers, 145.2K engagements

"Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution Apache OFBiz vulnerability CVE-2024-45195 patched preventing unauthenticated remote code execution on Linux and Windows"
X Link 2024-09-06T05:22Z 994.3K followers, 11.8K engagements

"How Samsung Knox Helps Stop Your Network Security Breach Discover how Samsung Knox enhances mobile network security with granular controls Zero Trust principles & seamless integration for a safer enterprise"
X Link 2026-02-06T10:43Z 1M followers, [----] engagements

"Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials browser data and cryptocurrency wallets on Windows"
X Link 2026-01-20T20:16Z 1M followers, [---] engagements

"Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App North Korean group Kimsuky uses QR code phishing sites posing as CJ Logistics to spread DocSwap Android malware with RAT capabilities"
X Link 2025-12-18T07:45Z 1M followers, [----] engagements

"Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day CVE-2026-21509 a security feature bypass flaw"
X Link 2026-01-27T07:21Z 998.5K followers, 117.3K engagements

"Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware A multi-stage phishing campaign targeting Russia abuses GitHub and Dropbox to disable Microsoft Defender and deploy Amnesia RAT and ransomware"
X Link 2026-01-24T11:09Z 1M followers, 15.9K engagements

"Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution CVE-2025-22604 in Cacti (CVSS 9.1) enables authenticated attackers to execute remote code. Upgrade to version 1.2.29 to mitigate the critical flaw"
X Link 2025-01-29T10:21Z 995.2K followers, 19.3K engagements

"SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers Microsoft links SolarWinds WHD exploits to RCE lateral movement and domain compromise in multi-stage attacks"
X Link 2026-02-09T15:11Z 1M followers, [---] engagements

"North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware OtterCookie v5 merges BeaverTail features with new keylogging and blockchain-based C2 tactics"
X Link 2025-10-17T13:33Z 998.8K followers, 44.6K engagements

"Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models Microsoft develops a lightweight scanner that detects backdoors in open-weight LLMs using three behavioral signals improving AI model security and tr"
X Link 2026-02-04T18:56Z 997.2K followers, [---] engagements

"Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists Iran-linked RedKitten uses malicious Excel files AI-generated macros and cloud services to spy on human rights NGOs and activists"
X Link 2026-01-31T12:03Z 998.9K followers, 11.4K engagements

"Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments Hackers exploit NFC technology and mobile payments enabling global fraud through Google Pay and Apple Pay"
X Link 2024-11-20T13:09Z 1M followers, 28.7K engagements

"40000 Attacks in [--] Days: Critical Confluence RCE Under Active Exploitation Hackers are actively exploiting a critical Atlassian Confluence flaw (CVE-2023-22527) within days of its reveal"
X Link 2026-02-06T16:15Z 998.8K followers, [--] engagements

"Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat A new PHALT#BLYX campaign targets European hotels using fake Booking.com emails ClickFix lures PowerShell and MSBuild to deploy DCRat malware"
X Link 2026-01-06T17:29Z 1M followers, 28.1K engagements

"Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic Microsoft's Whisper Leak shows encrypted AI chats can secretly reveal user topics through subtle traffic patterns"
X Link 2025-11-08T14:31Z 1M followers, 102.8K engagements

"⚡ Weekly Recap: Proxy Botnet Office Zero-Day MongoDB Ransoms AI Hijacks & New Threats This week's cybersecurity recap highlights key attacks zero-days and patches to keep you informed and secure"
X Link 2026-02-02T13:22Z 1M followers, 10.2K engagements

"Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas A critical Grist-Core flaw (CVE-2026-24002 CVSS 9.1) allows remote code execution through malicious formulas when Pyodide sandboxing is enabled"
X Link 2026-01-27T10:38Z 996.3K followers, 11.1K engagements

"Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks China-linked Mustang Panda used updated COOLCLIENT malware in [----] espionage to steal data from government and telecom targets across Asia and Russia"
X Link 2026-01-28T12:22Z 1M followers, [----] engagements

"⚠ Update: Contagious Interview now uses OtterCandy a Node.js RAT + info-stealer tied to North Korean actors. Hides in npm/supply-chain lures uses socket.io C2 to steal browser passwords & crypto wallets. v2 adds Suiet/Trust/Rabby harvesting + Windows registry wipes. Read https://thehackernews.com/2025/10/north-korean-hackers-combine-beavertail.html"
X Link 2025-10-19T06:22Z 1M followers, 23.6K engagements

"🚨 Hackers found a new way to phish through browser notifications. A new tool called Matrix Push C2 lets attackers send fake alerts that look like real ones from PayPal Netflix or TikTok. No downloads. No malware file. Just one click and your data's theirs. Learn more https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html"
X Link 2025-11-22T07:10Z 998.7K followers, 107.8K engagements

"💰 A fake NuGet package stole crypto wallets for more than five years. It copied a popular .NET tracing library and hid as a normal dependency. One extra letter in the author name led to about [----] downloads since [----]. It exfiltrated Stratis wallet JSON files and passwords to a Russian IP. 🔗 Read: https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html"
X Link 2025-12-16T15:43Z 1M followers, 10.7K engagements

"North Korea-linked Kimsuky has been tied to a new Android malware campaign. The group is spreading a fresh DocSwap variant through QR codes on fake CJ Logistics sites. Once installed the app deploys a full RAT with access to messages calls files audio and camera. 🔗 Read analysis here https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html"
X Link 2025-12-18T07:45Z 1M followers, [----] engagements

"🚨 Trend Micro patched a critical flaw in on-prem Apex Central for Windows that can lead to SYSTEM-level code execution. CVE-2025-69258 (CVSS 9.8) allows a remote unauthenticated attacker with endpoint access to load a malicious DLL via MsgReceiver.exe. On-prem builds below [----] are affected. 🔗 Details https://thehackernews.com/2026/01/trend-micro-apex-central-rce-flaw.html"
X Link 2026-01-09T10:01Z 1M followers, 12.3K engagements

"🚨 Researchers uncovered [--] malicious Chrome extensions masquerading as HR/ERP tools like Workday and NetSuite. They exfiltrate auth cookies and suppress access to security and admin pages via DOM manipulation. 🔗 Details here https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html"
X Link 2026-01-16T14:11Z 994.5K followers, 11.3K engagements

"🚨 Researchers found an indirect prompt injection flaw abusing Google Gemini via calendar invites. A hidden prompt in an event could trigger Gemini when asked about a schedule to summarize private meetings into a new calendar entry - visible to attackers in some enterprise setups. No user action required. 🔗 Read https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html"
X Link 2026-01-19T17:22Z 993.4K followers, 113.1K engagements

"🚨 Uncharted: The AI Safety & Security Summit hosted by Fuel iX. Hidden vulnerabilities and compliance challenges are emerging faster than ever. Access [--] expert-led sessions and a comprehensive report revealing risks in [--] generative AI models. 🔒 Uncover hidden dangers in frontier AI models ⚖ Learn legal frameworks balancing innovation with responsibility 🛑 Get proactive defense strategies from top CISOs 📄 Receive a detailed report on vulnerabilities and actionable strategies Access it now on-demand: https://thn.news/ai-summit-insights"
X Link 2026-01-20T13:06Z 1M followers, 43.1K engagements

"🚨 Fortinet FortiGate under automated SSO abuse. Attackers exploit CVE-2025-59718/59719 to add admin users enable VPN access and export firewall configs within seconds per Arctic Wolf. 🔗 Learn what's happening and what to disable https://thehackernews.com/2026/01/automated-fortigate-attacks-exploit.html"
X Link 2026-01-22T06:12Z 997.5K followers, [----] engagements

"🚨 Fortinet confirms active exploitation of CVE-2025-59718 / [-----] allowing FortiGate FortiCloud SSO bypass even on fully patched devices. Attackers abuse crafted SAML logins to gain admin access add persistent accounts enable VPN and steal configs. Disabling FortiCloud SSO is advised. 🔗 Details https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html"
X Link 2026-01-23T12:31Z 997.7K followers, 17.5K engagements

"🚨 CISA confirms active exploitation of a critical VMware vCenter Server flaw. CVE-2024-37079 allows remote code execution via a DCE/RPC heap overflow if an attacker has network access. 🔗 Details https://thehackernews.com/2026/01/cisa-adds-actively-exploited-vmware.html"
X Link 2026-01-24T08:10Z 994.2K followers, 34.1K engagements

"⚠ A single spreadsheet formula can now lead to full server takeover in Grist-Core. The flaw CVE-2026-24002 (CVSS 9.1) breaks out of the Pyodide sandbox letting attackers run OS commands and access files and secrets. 🔗 Read https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html"
X Link 2026-01-27T10:38Z 996.2K followers, [----] engagements

"Indian government networks were targeted in two cyber campaigns linked to a Pakistan-based actor. Tracked by Zscaler as Gopher Strike and Sheet Attack the key tactic was India-only malware delivery filtered by IP and Windows systems to evade analysis. 🔗 Attack chain and tools explained https://thehackernews.com/2026/01/experts-detect-pakistan-linked-cyber.html"
X Link 2026-01-27T16:46Z 1M followers, 12.9K engagements

"🔧 Fortinet issues patch update for actively exploited FortiOS SSO flaw. The fix addresses CVE-2026-24858 (CVSS 9.4) an SSO authentication bypass that can allow cross-tenant device access when FortiCloud SSO is enabled. CISA has added the issue to its KEV list setting a Jan [--] remediation deadline. 🔗 Details https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html"
X Link 2026-01-28T04:53Z 998K followers, 10.3K engagements

"🐍 Malicious PyPI spellchecker packages shipped a Python RAT. The payload was hidden in a dictionary file stayed dormant then executed after an update. spellcheckpy v1.2.0 activated it turning a simple import into remote access. 🔗 Read https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html"
X Link 2026-01-28T10:01Z 1M followers, [----] engagements

"⚠ n8n disclosed two sandbox escape flaws that let authenticated users seize control of automation servers. One issue is rated CVSS [---] and enables full RCE. Risk is higher in internal execution mode which n8n already advises against. 🔗 Details https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html"
X Link 2026-01-28T12:44Z 995.5K followers, 10.9K engagements

"🚨 A critical flaw in the vm2 Node.js library lets attackers escape the sandbox and run code on the host system. Tracked as CVE-2026-22709 (CVSS 9.8) the issue stems from improper Promise handler sanitization. 🔗 How the flaw works https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html"
X Link 2026-01-28T14:07Z 1M followers, [----] engagements

"🚨 Fake VS Code extension abused #Moltbot's name to deliver remote access malware. It posed as an AI assistant despite Moltbot having no official VS Code plugin. Once installed it auto-ran on IDE launch and dropped ScreenConnect for persistent remote control. 🔗 Read https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html"
X Link 2026-01-28T17:48Z 997.9K followers, 17K engagements

"🚨 Fake ChatGPT Chrome add-on stole 459+ API keys: Keys sent to Telegram after logout or chat delete. Hidden Google access raised the real stakes. https://thehackernews.com/2026/01/weekly-recap-firewall-flaws-ai-built.html#:~:text=Malicious%20Chrome%20Extensions%20Steal%20OpenAI%20API%20Keys%20and%20User%20Prompts"
X Link 2026-01-29T10:43Z 992.1K followers, 22.4K engagements

"⚠ Researchers map 175K publicly exposed Ollama LLM servers worldwide. Tool-calling turns exposed AI into a highest-severity execution risk. Full details: https://thehackernews.com/2026/01/researchers-find-175000-publicly.html"
X Link 2026-01-29T18:39Z 997.1K followers, 10.1K engagements

"WARNING: Ivanti fixes exploited EPMM zero-days with CVSS [---] severity. Exploits enable code execution persistence and access to sensitive device data. Federal agencies face KEV deadlines; temporary patches don't persist across upgrades. Read https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html"
X Link 2026-01-30T04:47Z 997.8K followers, 53.6K engagements

"⚠ SmarterMail fixed a critical unauthenticated RCE in its email server software. The flaw CVE-2026-24423 (CVSS 9.3) lets attackers execute OS commands via a crafted remote server. It affects builds before [----]. 🔗 Fixed builds and attack mechanics https://thehackernews.com/2026/01/smartermail-fixes-critical.html"
X Link 2026-01-30T07:11Z 995.6K followers, [----] engagements

"The FBI has seized the RAMP cybercrime forum shutting down its Tor site and clearnet domain with DOJ coordination. Threat actors are already migrating to other platforms underscoring how fast the underground re-forms after takedowns. 🔗 Read https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#major-cybercrime-forum-takedown"
X Link 2026-01-30T09:25Z 993.3K followers, [----] engagements

"🛑 Chrome extensions are being abused at scale. Researchers uncovered tools that hijack affiliate links scrape shopping data steal ChatGPT login tokens and even deliver phishing pages - while passing official store reviews. 🔗 Learn more about the affiliate fraud AI token theft and the browser as attack surface https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html"
X Link 2026-01-30T13:47Z 1M followers, 20.7K engagements

"🛑 A suspected Iran-aligned campaign targets NGOs and individuals documenting human rights abuses. HarfangLab tracks the activity as RedKitten using Excel files themed around deceased protesters to deliver malware. The tooling relies on GitHub Google Drive and Telegram for configuration and control with indicators suggesting parts of the code may be LLM-assisted. 🔗 Read https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html"
X Link 2026-01-31T12:03Z 995.8K followers, 11.1K engagements

"📱 Apple is testing a new iOS setting that reduces how precisely cellular networks can 📍 locate your device. Limit Precise Location restricts location data to a broad area instead of an exact address. 🔗 Learn how the setting works and where it's available https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#cellular-location-precision-reduced"
X Link 2026-02-01T05:22Z 995.4K followers, 24.3K engagements

"⚠ WARNING: A supply chain attack spread malware via trusted VS Code extensions on Open VSX. Attackers hijacked a real developer account and pushed GlassWorm through four existing tools. 22000+ installs happened before removal. 🔗 Read https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html"
X Link 2026-02-02T05:08Z 998.1K followers, 46.8K engagements

"What if the hardest vulnerability to patch is self-doubt? ICS environments are unforgiving. Responders can't afford hesitation - but they also can't ignore it. In ICS410 Justin Searle helps practitioners move from doubt to decisive action grounded in technical precision and OT situational awareness. Register for ICS410 at SANS Surge [----] (Feb 23-28) and train live with Justin: #SCADA #ICS410 #OTincidentresponse #SANSLiveTraining https://thn.news/sans-surge-26"
X Link 2026-02-02T13:05Z 998.2K followers, 11.3K engagements

"⚑ Microsoft will phase out NTLM in Windows through a three-step plan. Deprecated in June [----] NTLM remains widely used despite known security flaws. NTLM will be disabled by default in a future Windows release with Kerberos becoming the standard. 🔗 Details https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html"
X Link 2026-02-02T16:06Z 1M followers, 14.2K engagements

"🔥 A high-severity RCE flaw in OpenClaw lets attackers take over the local agent with a single click. A crafted link can steal a gateway token via unvalidated WebSocket origins enabling full command execution even on localhost-only setups through the user's browser. 🔗 Details and attack chain https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html"
X Link 2026-02-02T16:35Z 1M followers, 29.9K engagements

"🚨 China-linked Lotus Blossom compromised Notepad++ hosting infrastructure to hijack update traffic and deliver the Chrysalis backdoor Rapid7 reports. The issue affected older versions and was fixed with version 8.8.9 in December [----]. 🔗 Read https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html"
X Link 2026-02-03T05:04Z 997.9K followers, 55.7K engagements

"🕸 Exposed C2 server showed a complete BYOB botnet in the open 🧠 Droppers loaders and RATs for Windows Linux and macOS were publicly accessible revealing a multi-stage chain for evasion persistence and control. Crypto miners were also hosted. 🔗 Read https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html#:~:text=Exposed%20C2%20Server%20Reveals%20BYOB%20Infrastructure"
X Link 2026-02-03T07:24Z 1M followers, [----] engagements

"Major cloud outages didn't just break apps - they broke access. When shared cloud services fail identity systems fail too even if the IdP is running. Authentication depends on databases DNS and control planes. 🔗 How cloud outages cascade into identity failures https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html"
X Link 2026-02-03T11:36Z 996.5K followers, [----] engagements

"⚠ A critical flaw in Docker's Ask Gordon AI let container metadata execute real commands. A single malicious Docker LABEL could pass through the MCP gateway and run tools with user privileges. Fixed in version 4.50.0. 🔗 DockerDash details https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html"
X Link 2026-02-03T16:44Z 995.4K followers, [----] engagements

"🚨 We tested [--] leading GenAI models for security vulnerabilities. All [--] failed. Attack success rates ranged from 1.13% to 64.13%. Every model demonstrated exploitable flaws that could turn AI systems into attack vectors. Key findings: - [--] frontier models tested - Hundreds of vulnerabilities found - 100% failure rate - Up to 64% attack success As GenAI transforms industries these results reveal a critical safety & security gap. Traditional security methods can't address the probabilistic nature of AI systems. Our report includes: ✅ Security profiles of all [--] models ✅ Analysis of the AI"
X Link 2026-02-04T13:23Z 1M followers, [----] engagements

"⚠ Attackers are hijacking live web traffic by weaponizing NGINX configs linked to React2Shell exploitation. Rogue proxy rules silently reroute user sessions through attacker infrastructure - impacting 🏛 gov 🎓 edu and Asian 🌏 TLD sites. 🔗 Details https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html"
X Link 2026-02-05T04:58Z 1M followers, [----] engagements

"Passwords are sliding into legacy status. Passkeys AI governance and verifiable credentials are scaling as identity shifts to real-time trust per Rex Booth SailPoint. [--] predictions reshaping identity security https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html"
X Link 2026-02-05T07:59Z 1M followers, [----] engagements

"📦⚠ Is your container adoption outpacing your security maturity? You're not alone. @ActiveState's [----] State of Vulnerability Management & Remediation Report found 82% of DevSecOps leaders experienced a container-related breach last year and 87% expect one in [----]. Learn how to close the remediation gap and the role AI will play in securing your stack by [----]. 📥 Download the report https://thn.news/container-sec-guide"
X Link 2026-02-05T12:46Z 1M followers, [----] engagements

"🚨 ThreatsDay Bulletin is live. Watch out for dozens of critical signals showing where attacks are heading next. Codespaces RCE AI cloud intrusion AsyncRAT C2 BYOVD abuse .and 15+ more stories. All updates in one place https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html"
X Link 2026-02-05T13:05Z 1M followers, 58.1K engagements

"πŸ’» Access & Persistence Sandbox escape RMM deployment SCR malware Credential theft Voicemail lure access SimpleHelp remote control Supply-chain config abuse Public bucket creds"
X Link 2026-02-05T13:05Z 997.2K followers, [----] engagements

"🌐 Infra & Ops SystemBC botnet DDoSia ops Crypto drainers ClickFix framework ErrTraffic TDS Botnet proxy layers Infra key reuse VPS hosting clusters"
X Link 2026-02-05T13:05Z 1M followers, [----] engagements

"πŸ›° Threat Actors & Campaigns Lazarus Nordics Typhoon overlap APT36 startups ShadowSyndicate infra Ransomware CVE surge Crimson RAT lures Crypto scam affiliates Strategic DDoS arrests Entire bulletin here https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html"
X Link 2026-02-05T13:05Z 1M followers, [----] engagements

"AI is foundational for security teams but operational relief still feels out of reach. Tines just launched Voice of Security [----] based on insights from 1800+ security leaders and practitioners. The data shows why workloads remain high and what it takes to unlock real AI impact πŸ‘‡ https://thn.news/security-insights-24-x https://thn.news/security-insights-24-x"
X Link 2026-02-05T14:02Z 1M followers, [----] engagements

"πŸ›‘ Turn intel into action with a 6-stage Threat-Informed Defense pipeline. Map adversary TTPs simulate attacks validate controls and prioritize fixes that reduce real risk. πŸ”— Download Guide (Framework steps + tooling) https://www.linkedin.com/pulse/turn-intel-action-guide-threatinformed-defense-thehackernews-hru3c/ https://www.linkedin.com/pulse/turn-intel-action-guide-threatinformed-defense-thehackernews-hru3c/"
X Link 2026-02-06T10:36Z 1M followers, [----] engagements

"πŸ”πŸ“±πŸ”Ž Enterprise security wasnt designed for mobile behavior. Devices move between corporate and public networks while handling sensitive data. Knox Firewall enforces per-app network controls restricting traffic by IP/domain with detailed access logs for investigations. πŸ”— App rules traffic visibility logging depth https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html https://thehackernews.com/2026/02/how-samsung-knox-helps-stop-your-network-security-breach.html"
X Link 2026-02-06T11:30Z 1M followers, [----] engagements

"Cisco Talos exposed DKnife a China-linked AitM framework active since [----] on compromised routers and edge devices. It monitors traffic steals credentials and hijacks app/software updates to deploy ShadowPad and DarkNimbus on PCs and phones. πŸ”— Modules and infection chain https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html"
X Link 2026-02-06T14:57Z 1M followers, [----] engagements

"To celebrate the ultimate partnership this Valentines Day @OrchidSecurity is sharing our "Security Sweetheart" candies. These aren't your typical grocery store hearts they are designed for the unique bond between the IAM + CISO. The Security Sweetheart Collection 🍬 Which one would you send to your security "other half" SSO [--] EVA: Because true love means only having to log in once. AUDIT ME: Total transparency is the foundation of any healthy relationship. NO SILOS: Breaking down walls is our love language. ZERO TRUST: It sounds harsh but in security its the ultimate form of devotion. MFA ME:"
X Link 2026-02-09T11:32Z 1M followers, [----] engagements

"Over [--] Software Vendors Issue Security Fixes Across OS Cloud and Network Platforms Patch Tuesday delivers fixes for [--] Microsoft flaws six exploited zero-days plus critical SAP and Intel TDX vulnerabilities"
X Link 2026-02-11T13:31Z 1M followers, [----] engagements

"83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure 83% of Ivanti EPMM exploits traced to one IP as automated scans target governments and enterprises"
X Link 2026-02-12T07:36Z 1M followers, 12.6K engagements

"βš πŸ›  Reynolds ransomware embeds its own BYOVD evasion bundling a vulnerable driver to disable EDR before encryption. It drops the NSecKrnl driver (CVE-2025-68947) to kill security tools reducing detection and affiliate effort. πŸ”— Read full attack chain and defense insights https://thehackernews.com/2026/02/reynolds-ransomware-embeds-byovd-driver.html https://thehackernews.com/2026/02/reynolds-ransomware-embeds-byovd-driver.html"
X Link 2026-02-10T14:42Z 1M followers, 54.7K engagements

"On February [--] at 9:00 AM PT @Semgrep is hosting its first-ever virtual keynote - Semgrep Secure 2026: Code Security Rebuilt for the AI Era AI is now writing more code than humans and most of it is never reviewed line by line. That reality breaks the assumptions behind traditional AppSec tools which were built for a world where every line of code was human-authored and inspected. This isnt AI added to security. Its security rebuilt for how code is actually created today. Register now and join us live: https://thn.news/semgrep-secure-2026 https://thn.news/semgrep-secure-2026"
X Link 2026-02-11T11:33Z 1M followers, [----] engagements

"πŸ€– One bulletproof-hosted IP drove [---] of [---] Ivanti EPMM exploit attempts. Activity targeted CVSS [---] RCE flaws rotating 300+ user agents while scanning other enterprise platforms in parallel. Signals automated initial-access reconnaissance. πŸ”— Read https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html"
X Link 2026-02-12T07:36Z 1M followers, 12.2K engagements

"npm killed long-lived tokens after the Sha1-Hulud attack shifting to short-lived sessions and MFA by default. Security improved but MFA phishing and optional publish protections still leave gaps. Console access can still mean package compromise. πŸ”— Where the new model still fails https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html"
X Link 2026-02-13T10:46Z 1M followers, [----] engagements

"9 Identity Security Predictions for [----] Nine identity security predictions for [----] covering AI governance passwordless access decentralized identity IoT and post-quantum cryptography"
X Link 2026-02-05T07:59Z 1M followers, 16.7K engagements

"ThreatsDay Bulletin: AI Prompt RCE Claude 0-Click RenEngine Loader Auto 0-Days & 25+ Stories This weeks cybersecurity roundup covering emerging attacks malware trends infrastructure abuse and evolving intrusion activity"
X Link 2026-02-12T11:52Z 1M followers, 64.6K engagements

"Five attacks. Five lessons. One goal: resilience. From Boeing to Ascension cybersecurity experts from Halcyon examined #ransomware incidents that reshaped cyber strategy - and the takeaways defenders can apply today. Curious which decisions changed the outcome Swipe to see the high-level hits. Dont wait for an incident to learn from one. Download the full guide: https://thn.news/attacks-changed-everything https://thn.news/attacks-changed-everything"
X Link 2026-02-11T14:00Z 1M followers, [----] engagements

"πŸ€–πŸ” Identity security is shifting from static controls to AI-run decisions. As outlined by SailPoint CISO Rex Booth AI-driven identity governance will automate access in real time replacing manual reviews and standing privileges. Passkeys and decentralized IDs will further reshape authentication. πŸ”— [--] forecasts shaping access trust and risk https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html"
X Link 2026-02-11T19:15Z 1M followers, [----] engagements

"A new enterprise study shows only 16% of orgs run Continuous Threat Exposure Management (CTEM). Those that do see 50% better attack surface visibility and stronger tooling adoption creating a widening security gap as environments scale. πŸ”— Peer benchmarks and risk data breakdown https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html"
X Link 2026-02-12T13:35Z 1M followers, [----] engagements

"⚠ Security firms uncovered coordinated abuse of Chrome extensions across business social and AI tools. From Meta ad accounts to Gmail inboxes attackers used add-ons to scrape data inject payloads and persist inside sessions. πŸ”— Read https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html"
X Link 2026-02-13T11:27Z 1M followers, [----] engagements

"πŸ›‘ CISA orders federal agencies to remove unsupported edge devices within [----] months. Unpatched firewalls routers IoT and perimeter gear are now flagged as prime entry pointsactively exploited by state-backed actors for network access. πŸ”— Directive scope deadlines device list https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html"
X Link 2026-02-06T13:44Z 1M followers, [----] engagements

"China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign UNC3886 targeted Singapores telecom operators via zero-day exploits rootkits and VMware systems; no customer data breach confirmed"
X Link 2026-02-09T17:02Z 1M followers, 12.1K engagements

"ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security ZAST.AI raised $6M after uncovering hundreds of zero-days and [---] CVEs using AI-generated PoC validation"
X Link 2026-02-10T12:31Z 1M followers, [----] engagements

"Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.01.120.4 affected patched in newer releases"
X Link 2025-12-23T07:37Z 1M followers, 324.7K engagements

"Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group Rapid7 links China-linked Lotus Blossom to a [----] Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates fixed in v8.8.9"
X Link 2026-02-03T04:58Z 1M followers, 140.8K engagements

"TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure Worm-driven TeamPCP campaign exploits Docker Kubernetes Redis Ray and React2Shell to build proxy infrastructure for data theft and ransomware"
X Link 2026-02-09T08:39Z 1M followers, 46.9K engagements

"Asian State-Backed Group TGR-STA-1030 Breaches [--] Government Infrastructure Entities Asian state-linked hackers breached [--] entities used phishing N-day exploits and rootkits for global espionage"
X Link 2026-02-06T12:08Z 1M followers, 17.5K engagements

"Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack"
X Link 2026-02-06T08:43Z 1M followers, 23.4K engagements

"⚠ ALERT A critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform. CVE-2025-68613 lets authenticated users execute arbitrary code enabling full instance takeover data access and system-level actions. More than 103k exposed instances are observed globally. πŸ”— Details https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html"
X Link 2025-12-23T07:37Z 1M followers, 300.1K engagements

"Kaspersky uncovered three separate infection chains in the Notepad++ supply-chain breach. Attackers rotated C2s payloads and installers for four months targeting government finance and IT entities across multiple regions. Activity stopped in Nov [----]. πŸ”— Read update here https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html#kaspersky-observes-3-infection-chains https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html#kaspersky-observes-3-infection-chains"
X Link 2026-02-06T07:40Z 1M followers, 84.1K engagements

"State-linked hackers breached 70+ government & critical infrastructure networks across [--] countries Unit [--] reports. Targets include law enforcement finance ministries and border control. Initial access via phishing loaders with payloads staged on GitHub. πŸ”— Intrusion chain malware design targeting scope https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html"
X Link 2026-02-06T12:08Z 1M followers, 17.2K engagements

"πŸ§‘πŸ’»πŸ’» North Korean operatives are using real LinkedIn accounts to land remote IT jobs in Western firms. With impersonated profiles and verified emails DPRK actors secure roles to fund weapons programs and conduct espionagesome gain admin access steal data and maintain persistence. πŸ” Read the full investigation https://thehackernews.com/2026/02/dprk-operatives-impersonate.html https://thehackernews.com/2026/02/dprk-operatives-impersonate.html"
X Link 2026-02-10T17:46Z 1M followers, 11.9K engagements

"Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware"
X Link 2026-02-03T14:07Z 1M followers, 13.9K engagements

"China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines Researchers found Chinese-linked attackers abused SonicWall VPN access and VMware ESXi zero-day flaws to escape VMs and gain hypervisor control"
X Link 2026-01-09T17:44Z 1M followers, 15.4K engagements

"Webinar The Smarter SOC Blueprint: Learn What to Build Buy and Automate Live webinar explains how modern SOCs decide what to build buy or automate to reduce tool sprawl and improve outcomes"
X Link 2026-02-03T14:56Z 1M followers, 11.2K engagements

"Apple Patches CVE-2025-43300 Zero-Day in iOS iPadOS and macOS Exploited in Targeted Attacks Apple patches CVE-2025-43300 zero-day in iOS iPadOS and macOS after active exploitation reports"
X Link 2025-08-21T04:48Z 1M followers, 375.5K engagements

"SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS [---] Score SmarterTools fixed critical SmarterMail flaws including CVSS [---] unauthenticated RCE and NTLM relay bugs urging users to update immediately"
X Link 2026-01-30T07:11Z 1M followers, 15.8K engagements

"Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers Python infostealers are spreading from Windows to macOS via Google Ads ClickFix lures and fake installers to steal credentials and financial data"
X Link 2026-02-04T07:44Z 1M followers, [----] engagements

"A Cybercrime Merger Like No Other — Scattered Spider LAPSUS$ and ShinyHunters Join Forces Scattered Spider LAPSUS$ and ShinyHunters unite as Scattered LAPSUS$ Hunters reshaping cybercrime with Telegram extortion"
X Link 2025-11-04T17:25Z 1M followers, 101.5K engagements

"Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access A 9.8-severity flaw (CVE-2026-24061) in GNU InetUtils telnetd allows remote authentication bypass and root access in versions 1.9.3 to 2.7"
X Link 2026-01-22T16:32Z 1M followers, 53.1K engagements

"CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog CISA adds an actively exploited SolarWinds Web Help Desk RCE flaw to KEV ordering federal agencies to patch by February 2026"
X Link 2026-02-04T05:57Z 1M followers, [----] engagements

"New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems Critical OpenSSH vulnerability allows remote code execution on Linux systems. Patch now to protect against potential attacks on millions of exposed se"
X Link 2024-07-02T05:32Z 1M followers, [----] engagements

"GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs GlassWorm malware returns in VS Code extensions hiding via Unicode and reviving itself through blockchain"
X Link 2025-11-10T08:53Z 1M followers, 107.2K engagements

"Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files activating malware on import in version 1.2.0"
X Link 2026-01-28T10:01Z 1M followers, [----] engagements

"ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts Second-order prompt injection exploits ServiceNow agent discovery enabling unauthorized actions unless configurations and monitoring are tightened"
X Link 2025-12-21T13:30Z 1M followers, 16.8K engagements

"New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code VVS Stealer is a Python-based malware sold on Telegram that steals Discord tokens browser data and credentials using heavy code obfuscation"
X Link 2026-01-05T17:23Z 1M followers, [----] engagements

"DeepSeek AI Database Exposed: Over [--] Million Log Lines Secret Keys Leaked DeepSeek AI exposed a database containing secret keys chat logs and backend data allowing full system access"
X Link 2025-01-30T10:09Z 1M followers, 27.9K engagements

"Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox Mozilla will release Firefox [---] with a new settings toggle that lets users completely turn off all current and future generative AI features"
X Link 2026-02-03T05:42Z 1M followers, [----] engagements

"Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 Google confirms nation-state and cybercrime groups exploit a patched WinRAR flaw to gain persistence and deploy malware via Windows Startup folders"
X Link 2026-01-28T09:48Z 1M followers, [----] engagements

"Researchers Null-Route Over [---] Kimwolf and Aisuru Botnet Command Servers The Kimwolf botnet compromised more than [--] million Android devices turning them into residential proxies for DDoS attacks and traffic abuse"
X Link 2026-01-14T19:12Z 1M followers, [----] engagements

"New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector ESET links Russia-backed Sandworm to a failed December [----] cyberattack using DynoWiper malware against Polands power and renewable energy systems"
X Link 2026-01-24T08:24Z 1M followers, 18.4K engagements

"Researchers Find [---] Malicious ClawHub Skills Stealing Data from OpenClaw Users A security audit found [---] malicious ClawHub skills abusing OpenClaw to spread Atomic Stealer and steal credentials on macOS and Windows"
X Link 2026-02-02T17:52Z 1M followers, 24.5K engagements

"Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers North Korean group Konni uses AI-assisted PowerShell malware and phishing via Google ads and Discord to breach blockchain development environments"
X Link 2026-01-26T08:56Z 1M followers, 62.5K engagements

"CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms Poland linked December [----] cyber attacks on energy and manufacturing sites to Static Tundra involving DynoWiper and FortiGate exploits"
X Link 2026-01-31T07:11Z 1M followers, 23K engagements

"40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials Over [--] npm packages trojanized to steal GitHub and cloud credentials via bundle.js malware"
X Link 2025-09-16T05:02Z 1M followers, 280.5K engagements

"Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44 Wiz found a critical Base44 flaw letting attackers access private apps via public app_id. Fixed by Wix"
X Link 2025-07-29T15:39Z 1M followers, 12.5K engagements

"China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns China-linked Amaranth-Dragon and Mustang Panda target Southeast Asian governments using WinRAR exploit and PlugX phishing lures"
X Link 2026-02-04T14:13Z 1M followers, 10.6K engagements

"Exposed Training Open the Door for Crypto-Mining in Fortune [---] Cloud Environments Exposed training apps in cloud environments enable exploitation lateral movement and crypto-mining activity across enterprise infrastructure"
X Link 2026-02-11T11:37Z 1M followers, [---] engagements

"DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files DEAD#VAX campaign delivers AsyncRAT via IPFS-hosted VHD phishing files using fileless memory injection and obfuscated scripts to evade detection"
X Link 2026-02-04T17:27Z 1M followers, 10.9K engagements

"Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control A critical CVSS [----] vulnerability in n8n allows unauthenticated attackers to read files bypass authentication and gain full server control"
X Link 2026-01-07T13:53Z 1M followers, 63.4K engagements

"How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring Sandbox-first investigations and automated triage cut MTTR reduce burnout and triple SOC output without extra hiring"
X Link 2026-02-09T12:29Z 1M followers, [----] engagements

"The First [--] Seconds: How Early Decisions Shape Incident Response Investigations Early incident response decisionsevidence preservation execution analysis and logging visibilitydetermine investigation success"
X Link 2026-02-04T12:00Z 1M followers, [--] engagements

"Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data Ivanti EPMM zero-day flaws enabled cyberattacks on Dutch EU and Finnish government systems exposing employee contact and device data"
X Link 2026-02-10T08:26Z 1M followers, 10.1K engagements

"Who Approved This Agent Rethinking Access Accountability and Risk in the Age of AI Agents AI agents break traditional IAM by enabling delegated access authorization bypass and high-risk ownerless organizational automation"
X Link 2026-01-24T09:00Z 1M followers, 11.5K engagements

"πŸ›‘ A WinRAR bug fixed in July [----] is still being exploited. Researchers at Google ties CVE-2025-8088 to Russia- and China-linked actors plus cybercrime groups deploying RATs and stealers showing how quickly n-days get reused. πŸ”— Read https://thehackernews.com/2026/01/google-warns-of-active-exploitation-of.html https://thehackernews.com/2026/01/google-warns-of-active-exploitation-of.html"
X Link 2026-01-28T09:48Z 1M followers, [----] engagements

"⚠ Poland confirms coordinated cyber attacks on 30+ renewable energy sites and a major CHP plant. CERT Polska says the campaign was destructive using wiper malware but failed to disrupt power or heat supply. Access came via vulnerable Fortinet devices. πŸ”— Read https://thehackernews.com/2026/01/poland-attributes-december-cyber.html https://thehackernews.com/2026/01/poland-attributes-december-cyber.html"
X Link 2026-01-31T07:11Z 1M followers, 20.8K engagements

"βš‘πŸ€– Researchers find [---] malicious ClawHub skills targeting OpenClaw users via fake install steps. The skills deploy Atomic Stealer on macOS and keylogging malware on Windows abusing OpenClaws open marketplace model. πŸ”— Read https://thehackernews.com/2026/02/researchers-find-341-malicious-clawhub.html https://thehackernews.com/2026/02/researchers-find-341-malicious-clawhub.html"
X Link 2026-02-02T17:52Z 1M followers, 23.9K engagements

"πŸ€– Mozilla will add 1-click Firefox setting to fully disable generative AI features. With Firefox [---] users can block all current and future AI features or manage them individually keeping AI strictly opt-in as browsers add more automation. πŸ”— Read https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html"
X Link 2026-02-03T05:42Z 1M followers, [----] engagements

"🚨 Researchers detect active exploitation of a critical React Native CLI flaw. CVE-2025-11953 allows unauthenticated OS command execution on exposed Metro dev servers with attacks deploying PowerShell and a Rust payload. πŸ”— Read https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html"
X Link 2026-02-03T14:07Z 1M followers, 12.2K engagements

"πŸ“’ WEBINAR ALERT Adding tools hasnt made SOCs calmer or faster. Its mostly added noise. In this session two SOC operators walk through practical build vs buy decisions real models and a customer case study you can reuse. πŸ”— Join to Watch: https://thehackernews.com/2026/02/webinar-smarter-soc-blueprint-learn.html https://thehackernews.com/2026/02/webinar-smarter-soc-blueprint-learn.html"
X Link 2026-02-03T14:56Z 1M followers, 10.8K engagements

"🚨 SolarWinds Web Help Desk flaw added to CISA KEV CVE-2025-40551 (CVSS 9.8): unauthenticated RCE via deserialization Fixed in WHD v2026.1 Federal agencies must patch by February [--] πŸ”— Read https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html"
X Link 2026-02-04T05:57Z 1M followers, [----] engagements

"πŸ›‘ Microsoft warns infostealers are expanding from Windows to macOS. Since late [----] malvertising (Google Ads) and ClickFix lures have delivered fake DMG installers. Python-based stealers abuse native macOS tools + AppleScript to extract creds cookies and iCloud Keychain data. πŸ”— Attack chain and theft capabilities https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html"
X Link 2026-02-04T07:44Z 1M followers, [----] engagements

"China-linked Amaranth-Dragon targeted Southeast Asian government and law enforcement networks in [----] with links to the APT41 ecosystem. Campaigns leveraged political lures and the WinRAR CVE-2025-8088 RCE flaw using cloud delivery and geo-fenced infrastructure for stealth. πŸ”— Read https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html"
X Link 2026-02-04T14:13Z 1M followers, 10.4K engagements

"Threat actors are delivering AsyncRAT via IPFS-hosted VHD files in DEAD#VAX. Phishing emails mount fake PDF drives that run obfuscated scripts and in-memory shellcode inside trusted Windows processesminimal disk trace. 🧠 Fileless πŸ›° IPFS πŸͺŸ Process injection πŸ”—Read https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html"
X Link 2026-02-04T17:27Z 1M followers, [----] engagements

"⚠ Critical RCE flaw in n8n (CVE-2026-25049 CVSS 9.4) lets authenticated users execute system commands via crafted workflow expressions. Public webhooks exposed remote trigger credential theft server takeover. πŸ”— Exploit path affected versions patch details https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html"
X Link 2026-02-05T06:23Z 1M followers, 12.9K engagements

"🌐⚠ AISURU/Kimwolf launched a record [----] Tbps HTTP DDoS attack mitigated by Cloudflare. Same botnet drove holiday flood campaigns as Q4 hyper-volumetric attacks surged. Runs on 2M+ infected Android devices via proxy networks. πŸ”— Read https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html"
X Link 2026-02-05T17:28Z 1M followers, 12.9K engagements

"🚨 UPDATE: CISA adds SmarterMail RCE (CVE-2026-24423) to KEV after confirming ransomware exploitation in the wild. Unauthenticated attackers can run commands via the ConnectToHub API. Federal agencies must patch by Feb [--]. πŸ”— Full update https://thehackernews.com/2026/01/smartermail-fixes-critical.html#flaw-exploited-in-ransomware-attacks https://thehackernews.com/2026/01/smartermail-fixes-critical.html#flaw-exploited-in-ransomware-attacks"
X Link 2026-02-06T17:04Z 1M followers, [----] engagements

"πŸ›‘ Cloud worm malware campaign is systematically taking over cloud infrastructure. TeamPCP exploits exposed Docker Kubernetes Redis and React2Shell to mass-deploy proxies scanners crypto miners & ransomware across compromised clusters. πŸ”— Read https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html"
X Link 2026-02-09T08:39Z 1M followers, 46.6K engagements

"πŸ§ͺ⚑ SOC teams arent failing on tools theyre overloaded by triage. Constant validation loops are fueling burnout and SLA drift. CISOs are moving to sandbox-first workflows exposing live behavior early and reducing escalations MTTR and senior drag. πŸ”— How evidence replaces guesswork https://thehackernews.com/2026/02/how-top-cisos-solve-burnout-and-speed.html https://thehackernews.com/2026/02/how-top-cisos-solve-burnout-and-speed.html"
X Link 2026-02-09T14:19Z 1M followers, [----] engagements

"🚨 Ivanti EPMM Zero-Day Exploits Breach Dutch Regulators Linked to Wider EU Government Intrusions. Attackers exploited CVSS [---] unauthenticated RCE flaws to access employee work contact data. Related activity also impacted the European Commission and Finlands Valtori systems. πŸ”— Details https://thehackernews.com/2026/02/dutch-authorities-confirm-ivanti-zero.html https://thehackernews.com/2026/02/dutch-authorities-confirm-ivanti-zero.html"
X Link 2026-02-10T08:26Z 1M followers, 10K engagements

"GlassWorm Returns with [--] Malicious Extensions Impersonating Popular Developer Tools GlassWorm spreads again using [--] fake extensions across Visual Studio Marketplace and Open VSX hiding Rust implants & Solana-based C2 to target devs"
X Link 2025-12-02T15:03Z 1M followers, 75.9K engagements

"CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk CISA orders federal agencies to inventory upgrade and remove unsupported edge devices within [----] months to reduce cyber-espionage risk"
X Link 2026-02-06T13:44Z 1M followers, [----] engagements

"Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack GlassWorm spread via [--] VS Code extensions; Solana + Google Calendar C2; stole credentials drained [--] wallets"
X Link 2025-10-24T09:17Z 1M followers, 60.4K engagements

"Google to Shut Down Dark Web Monitoring Tool in February [----] Google will shut down its Dark Web Report in February [----] ending breach scans and deleting user data to refocus on actionable security tools"
X Link 2025-12-16T06:06Z 1M followers, 14.3K engagements

"πŸ” Google is shutting down its dark web monitoring tool less than two years after launch. Google admitted the tool surfaced breached data but didnt give people clear next steps. Alerts without action paths dont change outcomes. πŸ”— Read here: https://thehackernews.com/2025/12/google-to-shut-down-dark-web-monitoring.html https://thehackernews.com/2025/12/google-to-shut-down-dark-web-monitoring.html"
X Link 2025-12-16T06:06Z 1M followers, 14.2K engagements

"⚠ Singapores cyber agency says China-linked UNC3886 targeted all four national telecom operators. Attackers used a firewall zero-day and rootkits to access parts of critical systems. Espionage activity was contained. No service disruption or customer data theft found. πŸ”— Read https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html"
X Link 2026-02-09T17:02Z 1M followers, 11.7K engagements

"Google to Verify All Android Developers in [--] Countries to Block Malicious Apps Google will verify all Android developers by September [----] in select countries to curb malicious apps"
X Link 2025-08-26T06:29Z 1M followers, 7.1M engagements

"Apple Fixes Exploited Zero-Day Affecting iOS macOS and Apple Devices Apple releases security updates fixing exploited dyld zero-day CVE-2026-20700 enabling code execution across iOS macOS and Apple devices"
X Link 2026-02-12T05:51Z 1M followers, 35.5K engagements

"Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS [---] Vulnerability Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws to KEV list"
X Link 2026-02-13T08:44Z 1M followers, [----] engagements

"Microsoft Patches [--] Vulnerabilities Including Six Actively Exploited Zero-Days Microsoft patches [--] vulnerabilities including six actively exploited zero-days with CISA mandating urgent federal remediation"
X Link 2026-02-11T10:28Z 1M followers, 13.1K engagements

"German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists Germany's BSI and BfV warn of state-linked Signal phishing using fake support chats, PIN theft, and device linking to access sensitive accounts"
X Link 2026-02-07T11:16Z 1M followers, 78.3K engagements

"ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories ThreatsDay Bulletin: Key cyber updates on ransomware, cloud intrusions, phishing, botnets, supply-chain risks, and nation-state threat activity"
X Link 2026-02-05T13:05Z 1M followers, 63K engagements

"OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in v2026.1.29"
X Link 2026-02-02T16:35Z 1M followers, 77.1K engagements

"UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors Cisco Talos links UAT-9921 to VoidLink, a modular Zig-based malware targeting Linux cloud systems with stealth plugins and C2 control"
X Link 2026-02-13T15:24Z 1M followers, [----] engagements

"Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs Suspected Russian actor deploys CANFAIL malware via phishing targeting Ukrainian defense, energy, and aid sectors using LLM-assisted lures"
X Link 2026-02-13T17:29Z 1M followers, [----] engagements

"OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills OpenClaw integrates VirusTotal Code Insight scanning for ClawHub skills following reports of malicious plugins, prompt injection & exposed instances"
X Link 2026-02-08T07:55Z 1M followers, [----] engagements

"Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History"
X Link 2026-02-13T11:27Z 1M followers, 30.7K engagements

"APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks APT28 exploited a Microsoft Office flaw to deliver MiniDoor and Covenant Grunt malware in targeted attacks across Ukraine and Eastern Europe"
X Link 2026-02-03T09:13Z 1M followers, 22.5K engagements

"Claude Opus [---] Finds 500+ High-Severity Flaws Across Major Open-Source Libraries Anthropic's Claude Opus [---] identified 500+ unknown high-severity flaws in open-source projects, advancing AI-driven vulnerability detection"
X Link 2026-02-06T05:52Z 1M followers, 128K engagements

"Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata Docker patched a critical Ask Gordon AI flaw enabling code execution and data theft via malicious image metadata in version 4.50.0"
X Link 2026-02-03T16:44Z 1M followers, 10.5K engagements

"APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities Pakistan-aligned APT36 and SideCopy target Indian defense and government entities using phishing-delivered RAT malware across Windows and Linux system"
X Link 2026-02-11T14:54Z 1M followers, [----] engagements
