[email protected] (The Hacker News)

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Ravie LakshmananMay 18, 2026Supply Chain Attack / Botnet Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of…

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

Ravie LakshmananMay 18, 2026Industrial Sabotage / Malware A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned…

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Ravie LakshmananMay 18, 2026Zero Day / Vulnerability Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants…

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

Ravie LakshmananMay 17, 2026Server Security / Vulnerability A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The…

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Ravie LakshmananMay 17, 2026Data Breach / Cybercrime Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has…

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

Ravie LakshmananMay 16, 2026Vulnerability / Website Security A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages…

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Ravie LakshmananMay 15, 2026Botnet / Threat Intelligence The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to…

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Ravie LakshmananMay 15, 2026Vulnerability / AI Security Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed…

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

The Hacker NewsMay 15, 2026Endpoint Security / Threat Detection In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no…

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property…

« Previous
1
…
7
8
9
10
11
…
423
Next »