Tag Archives: it security

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM)...

09
May
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of...

08
May
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that...

08
May
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to...

08
May
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk

The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice...

08
May
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised...

08
May
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
May 8, 2026

Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux...

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions

Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux...

08
May
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been...

07
May
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets...

07
May
One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches

The hardest part of cybersecurity isn’t the technology, it’s the people. Every major breach you’ve...

07
May
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a...

07
May
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

Bad week. Turns out the easiest way to get hacked in 2026 is still the...

07
May
Day Zero Readiness: The Operational Gaps That Break Incident Response

Having an incident response retainer, or even a pre-approved external incident response firm, is not...

07
May
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are...

07
May
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could...

07
May
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed...

06
May
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten)...

06
May
The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open

For nearly 20 years, we at The Hacker News have mostly told scary stories about...

06
May
Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?

Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed...

06
May
Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks

Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem...

06
May
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ...

06
May
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in...

06
May
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in...

05
May
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to...

05
May
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government...

05
May
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft...

05
May
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system...

05
May
We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is

While the software industry has made genuine strides over the past few decades to deliver...

05
May
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform...

05
May