Author Archives: The Hacker News

INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects.
The initiative involved the efforts of 13 countries from the … Continue reading INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests→

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted… Continue reading ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More→

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else w… Continue reading How to Reduce Phishing Exposure Before It Turns into Business Disruption→

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and… Continue reading Developer Workstations Are Now Part of the Software Supply Chain→

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code.
Topping the list is a critical flaw impacting Ivanti Xtraction (C… Continue reading Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws→

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP.
The list of identified packages is below –

chalk-tempalte (825 Downloads)
… Continue reading Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware→

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations.
According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered… Continue reading Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations→

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully pat… Continue reading MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems→

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.
The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buff… Continue reading NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE→

Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase.

“Our investigation has determined that no customer data or personal information … Continue reading Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt→