The Alert Firehose Finally Meets Its Match
Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear “Noisy,” “Too much data.” But ask the teams running NDR…
Category: TheHackerNews
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Ravie LakshmananMay 25, 2026Vulnerability / Web Security Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code…
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Ravie LakshmananMay 25, 2026Endpoint Security / Threat Intelligence Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use…
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Ravie LakshmananMay 20, 2026Vulnerability / Encryption Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.…
Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what…
Agent AI is Coming. Are You Ready?
The Hacker NewsMay 20, 2026Identity Security / Enterprise Security New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results…
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
Ravie LakshmananMay 21, 2026Web Security / Vulnerability Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited…
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
Ravie LakshmananMay 23, 2026Vulnerability / Website Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal…
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
Ravie LakshmananMay 23, 2026Vulnerability / Web Security A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The…
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
Ravie LakshmananMay 23, 2026Malware / DevSecOps A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run…
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security of the software supply chain,…
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Ravie LakshmananMay 23, 2026Artificial Intelligence / Vulnerability Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across…