Author Archives: The Hacker News

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes.
The supply chain is messy. Packages you did not check are stealing data, adding… Continue reading ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories→

Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in your systems instantly.
Well, that world is already here.
Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time y… Continue reading [Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed→

Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google… Continue reading Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?→

Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper.
“The group wields a wide array of tools mostly written in Go, using injectors and… Continue reading China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors→

Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems.
The company said it made the discovery after expan… Continue reading Vercel Finds More Compromised Accounts in Context.ai-Linked Breach→

Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device.
The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging … Continue reading Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case→

Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository.
In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have over… Continue reading Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain→

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens.
The supply chain worm has been detected by both Socket and Step… Continue reading Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens→

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.
“The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a co… Continue reading Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API→

Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026.
Dubbed Lotus Wiper, the novel file wiper has been used in a destructive camp… Continue reading Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack→