The Hacker News

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

APT28 deploys PRISMEX using zero-day CVEs since September 2025, targeting Ukraine’s supply chains and NATO partners for ...
The Hacker News

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Chaos malware targets misconfigured cloud deployments, detected by Darktrace in 2025, expanding botnet monetization via proxy ...
The Hacker News

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Claude Mythos finds thousands of zero-days as Anthropic launches Project Glasswing, enhancing defenses but exposing AI ...
The Hacker News

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

To close these gaps, Gartner has introduced the Identity Visibility and Intelligence Platform (IVIP) as a fundamental "System ...
The Hacker News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-linked actors target U.S. PLCs using Dropbear and SSH access, disrupting OT systems across sectors and escalating cyber ...
The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
The Hacker News

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Masjesu botnet drives global DDoS attacks since 2023, with nearly 50% traffic from Vietnam, threatening enterprises and IoT ...
The Hacker News

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

Docker CVE-2026-34040 enables AuthZ bypass via padded requests, risking host compromise; fixed in version 29.3.1.
The Hacker News

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

APT28 exploits SOHO routers for global DNS hijacking and adversary-in-the-middle attacks, enabling credential theft and ...
The Hacker News

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

Storm-1175 exploits 16+ CVEs since 2023, including zero-days, enabling rapid Medusa ransomware attacks within 24 hours.
The Hacker News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.
The Hacker News

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...