Author Archives: The Hacker News

Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level.
“The new R… Continue reading Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security→

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on M… Continue reading Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads→

OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%.
The surge in AI… Continue reading Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)→

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-l… Continue reading 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users→

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), … Continue reading ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers→

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows –

CVE-… Continue reading CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software→

Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT.
A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associ… Continue reading JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025→

The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousand… Continue reading FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts→

Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that i… Continue reading ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More→

Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmorewarned that similar capabilities are wee… Continue reading Your MTTD Looks Great. Your Post-Alert Gap Doesn’t→