Author Archives: The Hacker News

Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview.
MDASH… Continue reading Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday→

A threat actor with affiliations to China has been linked to a “multi-wave intrusion” targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting.
The activity has been a… Continue reading Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation→

TL;DR: Stop chasing thousands of “toast” alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a “Lethal Chain” to your data—and how to break it. Register for the Strategic Briefing Here.
Most security tools wor… Continue reading [Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)→

TL;DR: Stop chasing thousands of “toast” alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a “Lethal Chain” to your data—and how to break it. Register for the Strategic Briefing Here.
Most security tools wor… Continue reading [Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)→

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed.
Mandiant’s M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DB… Continue reading Most Remediation Programs Never Confirm the Fix Actually Worked→

Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed.
Mandiant’s M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DB… Continue reading Most Remediation Programs Never Confirm the Fix Actually Worked→

Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack.
Of the 138 flaws, 30 are rated Critical, 104 are rated Important, th… Continue reading Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws→

Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack.
Of the 138 flaws, 30 are rated Critical, 104 are rated Important, th… Continue reading Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws→

Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution.
“The packag… Continue reading GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data→

Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks.
Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privac… Continue reading Android Adds Intrusion Logging for Sophisticated Spyware Forensics→