You don’t need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone – and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding new places to hide. Read more in my article on the … Read More “Sri Lanka makes 37 arrests as it raids another scam centre – GRAHAM CLULEY” »
SentinelOne believes the PCPJack campaign may be the brainchild of a former TeamPCP member
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions – The Hacker News
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was … Read More “Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions – The Hacker News” »
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions. … Read More “Canvas Breach Disrupts Schools & Colleges Nationwide – Krebs on Security” »
ShinyHunters Defaces Canvas LMS Portal, Hundreds of Universities Affected – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters hackers defaced the official Canvas LMS portal after breaching Instructure systems, disrupting university access worldwide.
Hackers Use Fake Claude AI Site to Infect Users With New Beagle Malware – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers have discovered a new malvertising campaign using a fake Claude AI website to plant a new, undocumented backdoor named Beagle on user devices.
Attackers are hitting Ivanti customers yet again — circling back to a common target and consistently susceptible vendor in the network edge space — by exploiting a zero-day vulnerability in one of the company’s most besieged products. Ivanti warned customers that attackers have successfully exploited CVE-2026-6973, an improper input validation defect in Ivanti Endpoint Manager … Read More “Ivanti customers confront yet another actively exploited zero-day – CyberScoop” »
The Trump administration is redirecting a cybersecurity scholarship program that requires recipients to work in government service toward artificial intelligence, leaving some current program scholars dismayed and bewildered. In an email to participating school program coordinators obtained by CyberScoop, the Office of Personnel Management and National Science Foundation said the CyberCorps Scholarship For Service program … Read More “Trump officials are steering a cybersecurity scholarship program toward AI – CyberScoop” »
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems – The Hacker News
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. “The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting …
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows “a remotely authenticated user with administrative access to achieve … Read More “Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access – The Hacker News” »
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these … Read More “Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Researcher Shows Edge Browser Stores Saved Passwords in Plaintext – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity expert Tom Rønning finds Microsoft Edge loads all saved passwords into computer memory as cleartext, making them easy for hackers to steal.
Oasis Security finds critical Cline kanban WebSocket flaw exposing AI coding agents to hijack
Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data security
The hardest part of cybersecurity isn’t the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one “Patient Zero” infection. In 2026, hackers are using AI to make these “first clicks” nearly impossible to spot. If a single laptop gets compromised on … Read More “One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches – The Hacker News” »
Two U.S. nationals were sentenced to 18 months in prison for running laptop farms that facilitated North Korea’s expansive remote IT workers scheme, the Justice Department said Wednesday. Matthew Issac Knoot and Erick Ntekereze Prince both received and hosted laptops at their residences to dupe U.S. companies into thinking remote IT workers they hired were … Read More “American duo sentenced for hosting laptop farms for North Korean IT workers – CyberScoop” »
Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading
Commercial AI models were used to help plan and conduct a cyber-attack against the operational technology of a water and drainage facility, say researchers
Google Chrome Accused of Silently Installing 4GB AI Model on User Devices – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researcher Alexander Hanff claims that Google Chrome automatically installs a 4GB Gemini Nano AI model without user notification or consent.
Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an … Read More “PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage – The Hacker News” »
Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams – Hackread – Cybersecurity News, Data Breaches, AI and More
Scammers are hiding invisible text inside phishing emails to manipulate AI-powered email filters and increase the chances of scams reaching inboxes.
Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do. That distinction matters far more than many organizations realize. In … Read More “Day Zero Readiness: The Operational Gaps That Break Incident Response – The Hacker News” »
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories – The Hacker News
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a … Read More “ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories – The Hacker News” »
Why Outdated Maintenance Software Is a Growing Ransomware Risk – Hackread – Cybersecurity News, Data Breaches, AI and More
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers.
DPDP Compliance for Healthcare and Pharma: Securing Patient Data with CryptoBind Encryption – JISA Softech Pvt Ltd
The Digital Personal Data Protection (DPDP) Act, 2023, represents a major paradigm shift to how the handling of personal…
A House Democrat who’s been at the forefront of congressional efforts to scrutinize the federal government’s use of commercial spyware wants the Commerce Department to brief Capitol Hill amid apprehension that the Trump administration might further embrace the technology. Rep. Summer Lee, D-Pa., sent a letter to the department Thursday seeking a briefing on several … Read More “One House Democrat is pressing Commerce on the government’s spyware use – CyberScoop” »
A China-linked threat actor backdoored a version of Daemon Tools to infect thousands
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. “While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky – … Read More “PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux – The Hacker News” »
AI Software Leak Lets Scammers Add Malware and Steal Data and Your Money – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.
AI Leak Fuels Malware Scams. Company source code is proprietary and typically held as top secret. However, a recent software leak accident by Anthropic has led to a cascade of nefarious behaviours by hackers. Anthropic is the well-known creator of Claude AI, and the accidental leak of the source code has allowed scammers to create … Read More “AI Software Leak Lets Scammers Add Malware and Steal Data and Your Money – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »
Cofense has warned of a “significant” increase in phishing campaigns abusing Vercel platform
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution – The Hacker News
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to … Read More “vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution – The Hacker News” »
Best OSINT Tools for Investigations and Threat Intelligence in 2026 – Hackread – Cybersecurity News, Data Breaches, AI and More
Explore the best OSINT tools for your digital investigations, threat intelligence, reconnaissance, and tracking online activity in 2026.
Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired – GRAHAM CLULEY
Meta’s smart glasses promise privacy “designed for you” – but everything they record was being beamed off to workers in Nairobi to label by hand. When those workers blew the whistle, Meta sacked all 1,108 of them. Meanwhile, the IT press is in a frenzy over a new Linux bug called “Copy Fail” – complete … Read More “Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired – GRAHAM CLULEY” »
A vulnerability has been discovered in the PAN-OS Authentication Portal (aka Captive Portal) service that could allow for remote code execution. PAN-OS is the operating system that runs Palo Alto Networks next-generation firewalls. Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by … Read More “A Vulnerability in PAN-OS Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
A defense technology company with Department of Defense contracts exposed user records and military training materials through API endpoints that lacked meaningful authorization checks, according to an account published by Strix, an open-source autonomous security testing project. The issue affected Schemata, an AI-powered virtual training platform used in military and defense settings. According to Strix, … Read More “A DOD contractor’s API flaw exposed military course data and service member records – CyberScoop” »
Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE – Hackread – Cybersecurity News, Data Breaches, AI and More
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted – Read … Read More “Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks – The Hacker News” »
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previously undocumented plugin dubbed Pheno with the aim of facilitating credential theft. “According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims’ credentials and potentially … Read More “Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs – The Hacker News” »
A vulnerability has been discovered in Apache HTTP Server with the HTTP/2 protocol that could allow for remote code execution. Apache is a free, open-source web server software that enables the delivery of web content over the internet. Successful exploitation could result in denial of service, crashing worker processes with minimal effort. In certain setups, especially … Read More “A Vulnerability in Apache HTTP Server Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Attackers are actively exploiting a zero-day vulnerability affecting some Palo Alto Networks’ customers’ firewalls, the security vendor said in an advisory Tuesday. The critical memory corruption vulnerability — CVE-2026-0300 — affects the authentication portal of PAN-OS, and allows unauthenticated attackers to run code with root privileges on the vendor’s PA-Series and VM-Series firewalls, the company … Read More “A critical Palo Alto PAN-OS zero-day is being exploited in the wild – CyberScoop” »
ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks.
Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack – The Hacker News
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a “false flag” operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social engineering techniques via Microsoft Teams to initiate the infection … Read More “MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack – The Hacker News” »
Building Strategic Advantage With Integrated Planning – Hackread – Cybersecurity News, Data Breaches, AI and More
Siloed planning slows decisions and hides risk. Integrated business planning connects finance, demand, supply, and strategy into a single disciplined cycle.
Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack
CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack
CISA’s CI Fortify initiative aims for critical infrastructure operators to build isolation & recovery
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide … Read More “Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing? – The Hacker News” »
For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and security products that keep hunting threats 24/7 … Read More “The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open – The Hacker News” »
Designing game feel requires responsive controls, hit-stop, sound, animation, and feedback systems that make gameplay satisfying. – Hackread – Cybersecurity News, Data Breaches, AI and More
Application Security Strategies Are Changing as AI-generated Code Floods the SDLC – Hackread – Cybersecurity News, Data Breaches, AI and More
AI-generated code is changing AppSec workflows, forcing teams to rethink SDLC security, dependency checks, code review, and risk prioritization.





