Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that... 2026-5-11 15:45:0 | 阅读: 3 | 收藏 | The Hacker News - thehackernews.com gemini malicious promptspy llm gtig

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More Rough Monday.Somebody poisoned a trusted download again, somebody else turned cloud servers into... 2026-5-11 12:36:0 | 阅读: 14 | 收藏 | The Hacker News - thehackernews.com 2026 security malicious attackers clickfix

Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a... 2026-5-11 11:30:0 | 阅读: 13 | 收藏 | The Hacker News - thehackernews.com purple teaming autonomous attacker security

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads Supply Chain Attack / Threat IntelligenceA malicious Hugging Face repository managed to take a spo... 2026-5-11 07:5:0 | 阅读: 16 | 收藏 | The Hacker News - thehackernews.com windows anthfu malicious repository powershell

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if succe... 2026-5-10 12:41:0 | 阅读: 23 | 收藏 | The Hacker News - thehackernews.com ollama windows attacker gguf memory

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now Vulnerability / Web HostingcPanel has released updates to address three vulnerabilities in cPanel... 2026-5-9 07:16:0 | 阅读: 17 | 收藏 | The Hacker News - thehackernews.com cpanel 2026 exploited

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER tha... 2026-5-8 18:12:0 | 阅读: 38 | 收藏 | The Hacker News - thehackernews.com trojan brazilian tclbanker windows microsoft

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads Android / Mobile SecurityCybersecurity researchers have discovered fraudulent apps on the official... 2026-5-8 15:8:0 | 阅读: 57 | 收藏 | The Hacker News - thehackernews.com callhistory ib eset brands histories

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers'... 2026-5-8 11:0:0 | 阅读: 22 | 收藏 | The Hacker News - thehackernews.com qlnx c2 processes network

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk The dark secret of enterprise security operations is that defenders have quietly institutionalized... 2026-5-8 10:30:0 | 阅读: 19 | 收藏 | The Hacker News - thehackernews.com security phishing cloud triage attackers

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Malware / Threat IntelligenceCybersecurity researchers have disclosed details of a new Linux backd... 2026-5-8 08:41:0 | 阅读: 8 | 收藏 | The Hacker News - thehackernews.com pam pamdoora malicious pluggable

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impactin... 2026-5-8 05:12:0 | 阅读: 21 | 收藏 | The Hacker News - thehackernews.com rxrpc dirty xfrm frag esp4

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access Vulnerability / Network SecurityIvanti is warning that a new security flaw impacting Endpoint Mana... 2026-5-7 17:55:0 | 阅读: 46 | 收藏 | The Hacker News - thehackernews.com 2026 ivanti improper epmm remote

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems Threat Intelligence / Cloud SecurityCybersecurity researchers have disclosed details of a new cred... 2026-5-7 17:45:0 | 阅读: 47 | 收藏 | The Hacker News - thehackernews.com cloud teampcp pcpjack kubernetes security

One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches Artificial Intelligence / Threat DetectionThe hardest part of cybersecurity isn't the technology,... 2026-5-7 13:50:0 | 阅读: 5 | 收藏 | The Hacker News - thehackernews.com patient spot security isolate

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage Vulnerability / Cyber EspionagePalo Alto Networks has disclosed that threat actors may have attemp... 2026-5-7 13:34:0 | 阅读: 30 | 收藏 | The Hacker News - thehackernews.com 2026 crash pan alto security

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories Bad week.Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packag... 2026-5-7 11:33:0 | 阅读: 25 | 收藏 | The Hacker News - thehackernews.com 2026 security memory attacker

Day Zero Readiness: The Operational Gaps That Break Incident Response Having an incident response retainer, or even a pre-approved external incident response firm, is no... 2026-5-7 10:54:0 | 阅读: 23 | 收藏 | The Hacker News - thehackernews.com responders attacker cloud readiness firm

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux Malware / Threat IntelligenceCybersecurity researchers have discovered three packages on the Pytho... 2026-5-7 09:20:0 | 阅读: 29 | 收藏 | The Hacker News - thehackernews.com pypi zichatbot c2 windows

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution Vulnerability / Software SecurityA dozen critical security vulnerabilities have been disclosed in... 2026-5-7 04:15:0 | 阅读: 24 | 收藏 | The Hacker News - thehackernews.com 2026 affects attacker permits vm2