The Hacker News

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti EPMM flaw CVE-2026-6973 exploited in limited attacks; CISA mandates fixes by May 10, 2026, increasing urgency.
The Hacker News

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

PCPJack steals credentials via 6 Python modules exploiting 5 CVEs, enabling cloud spread and fraud-driven attacks.
The Hacker News

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

ThreatsDay Bulletin: fake apps, supply chain attacks, AI-fueled exploits, ransomware chaos, and the biggest cyber threats ...
The Hacker News

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

CVE-2026-0300 exploited after April 9 attempts enables PAN-OS RCE, leading to stealth espionage and lateral movement by April ...
The Hacker News

Day Zero Readiness: The Operational Gaps That Break Incident Response

Delayed IR access and 14-day logs limit visibility during breaches, increasing attacker dwell time and recovery costs.
The Hacker News

One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches

AI-driven phishing enables initial device compromise in 2026, causing rapid breach escalation within minutes, increasing ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
The Hacker News

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...
The Hacker News

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Cybersecurity researchers have exposed a new Mirai -derived botnet that self-identifies as xlabs_v1 and targets ...
The Hacker News

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

MuddyWater used Teams phishing in 2026 to steal credentials, enabling stealthy data exfiltration and persistence without ...
The Hacker News

The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open

CyberStars Awards 2026 launched as a global program recognizing cybersecurity excellence across products, companies, and ...
The Hacker News

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

"A buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks ...