Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email.

The way in was a backdoor on their REDCap research servers that sto…

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi).

According to a report…

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed.

LiteLLM is a widely deployed open-source AI gateway that brokers calls …

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search.

Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration …

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod.

This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bai…

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family.

The cluster spans 38 separate Chrome Web Store publisher accounts…

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations.

“Th…
