The Hacker News

Most Remediation Programs Never Confirm the Fix Actually Worked

When every fix gets re-tested and the results are visible to both security and engineering leadership, partial fixes and ...
The Hacker News

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

The Azerbaijani firm was targeted a third time towards the end of February 2026, when the threat actors once again attempted ...
The Hacker News

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

One of the most severe vulnerabilities patched by Redmond is CVE-2026-41096 (CVSS score: 9.8), a heap-based buffer overflow ...
The Hacker News

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft’s new MDASH AI system found 16 Windows vulnerabilities fixed in this month’s Patch Tuesday, including 2 RCE flaws ...
The Hacker News

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Android Intrusion Logging stores encrypted forensic logs for 12 months, helping experts investigate spyware attacks on ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
The Hacker News

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim has released security updates to address a severe security issue affecting certain configurations that could enable ...
The Hacker News

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

A new TrickMo Android banking trojan variant uses TON blockchain infrastructure for stealthy command-and-control ...
The Hacker News

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems halted new registrations after a major attack involving hundreds of malicious packages, increasing supply chain ...
The Hacker News

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...
The Hacker News

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Instructure paid a ransom after hackers stole 275 million Canvas records, reducing risks of wider extortion and leaks.
The Hacker News

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Apple released iOS 26.5 with E2EE RCS messaging, enabling secure cross-platform chats between iPhone and Android users.