The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com
- npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
en 23 de mayo de 2026GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release […]
- Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
en 23 de mayo de 2026A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved […]
- Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
en 23 de mayo de 2026Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most […]
- Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
en 23 de mayo de 2026Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to […]
- LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
en 23 de mayo de 2026A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as […]
- Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
en 23 de mayo de 2026The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known […]
- First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
en 22 de mayo de 2026Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure […]
- Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
en 22 de mayo de 2026The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online […]
- Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
en 22 de mayo de 2026Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub […]
- Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
en 22 de mayo de 20261 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware […]
- Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
en 22 de mayo de 2026The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service […]
- CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
en 22 de mayo de 2026The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known […]
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
en 22 de mayo de 2026Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access […]
- Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
en 21 de mayo de 2026Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications […]
- ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
en 21 de mayo de 2026This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then […]
