Author Archives: The Hacker News

Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution.
“The packag… Continue reading GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data→

Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks.
Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privac… Continue reading Android Adds Intrusion Logging for Sophisticated Spyware Forensics→

Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution.
Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to … Continue reading New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution→

RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.”
“We’re dealing with a major malicious attack on Ruby Gems right now,” Mac… Continue reading RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded→

Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2).
The new variant, observed by ThreatFabric between January and February 2026, has been observed act… Continue reading New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots→

Why do the Riskiest SOC Alerts Go Unanswered?
Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one is investigating.
A recent report from T… Continue reading Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help→

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has large… Continue reading Why Agentic AI Is Security’s Next Blind Spot→

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.
The… Continue reading Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages→

American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of … Continue reading Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak→

OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using … Continue reading OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation→