Critical vm2 sandbox bug lets attackers execute code on hosts
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue…
Month: May 2026
CloudZ RAT Abuses Microsoft Phone Link to Steal SMS OTPs and Mobile Notifications
A newly discovered threat is turning a built-in Microsoft feature into a powerful spying tool. Security researchers have found a remote access tool called CloudZ…
Inside RSAC 2026 – Cyber Defense Magazine
Hello San Francisco San Francisco was electric once again as the cybersecurity world converged for RSAC 2026. Between the non-stop energy and innovations, one thing…
Majority of IT Leaders Struggle to Manage Growing Identity Footprint Amid AI Expansion
New research from Keeper Security reveals that 89% of IT leaders struggle to manage the growing identity footprint amid AI expansion. The Identity Security at…
Hackers Hate AI Slop Even More Than You Do
The complaint sounds familiar. “I’m disappointed that you are working to incorporate AI garbage into the site,” one annoyed person, posting anonymously, said in an…
Phishing Attack Weaponizes Calendar Invites to Steal Login Credentials
A new large-scale phishing campaign is abusing fake event invitations to compromise U.S. organizations, combining credential theft, OTP interception, and the deployment of remote monitoring…
ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users
The infamous hacking group ShinyHunters has targeted two major technology firms, putting the personal details of millions of students and professionals at risk. The breaches…
Google Chrome’s silent 4GB AI download problem
Google Chrome has been quietly downloading a 4GB AI model onto users’ devices without asking first. Security researcher Alexander Hanff, aka ThatPrivacyGuy, reports that Chrome…
The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open
The Hacker NewsMay 06, 2026Security Leadership / Industry Recognition For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace…
Police wrongly identified solicitor Fahad Ansari as Hamas member during Schedule 7 phone seizure
A solicitor who had his mobile phone containing legally privileged material seized and downloaded by police was wrongly described in a police risk assessment as…
Autonomous Offensive Security Firm XBOW Raises $35 Million
Autonomous offensive security firm XBOW on Wednesday announced raising $35 million in an extension of the Series C funding round announced earlier this year. The…
Iranian cyber espionage disguised as a Chaos Ransomware attack
Iranian cyber espionage disguised as a Chaos Ransomware attack Pierluigi Paganini May 06, 2026 Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing,…