The Hacker News

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...
The Hacker News

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The U.S. State Department has officially launched the Bureau of Emerging Threats, a new unit tasked with protecting U.S.
The Hacker News

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

In December 2025, TechCrunch reported that SIO was behind a set of malicious Android apps that masqueraded as WhatsApp and ...
The Hacker News

The State of Trusted Open Source Report

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...
The Hacker News

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

REF1695 spreads RATs and miners since Nov 2023 via ISO lures, earning 27.88 XMR across four wallets through cryptomining and ...
The Hacker News

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco patches two 9.8 CVSS flaws (CVE-2026-20093, CVE-2026-20160), preventing authentication bypass and root access.
The Hacker News

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple expanded iOS 18.7.7 on April 1, 2026 after DarkSword disclosure, enabling auto security updates across more devices.
The Hacker NewsOpinion

Block the Prompt, Not the Work: The End of "Doctor No"

AI extensions after DeepSeek block at U.S. law firm, routing traffic to China servers, exposing compliance risk.
The Hacker News

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

Augmented Marauder targets Latin America and Europe since 2020, using dynamic PDF phishing to spread Casbaneiro via Horabot.
The Hacker News

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

The activity begins with the attackers distributing malicious VBS files via WhatsApp messages that, when executed, create ...
The Hacker News

The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority

AI weaponizes the kill chain across hours or days, forcing continuous exposure and agentic defense to reduce exploitation ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...