TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Ravie LakshmananMar 28, 2026Mobile Security / Email Security Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia…
Category: TheHackerNews
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation…
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
Ravie LakshmananMar 28, 2026Vulnerability / Network Security A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity,…
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
Ravie LakshmananMar 28, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP…
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Ravie LakshmananMar 27, 2026Software Security / DevSecOps Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the…
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Ravie LakshmananMar 27, 2026Spyware / Mobile Security Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS…
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious…
We Are At War
Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in…
How Hackers and Art Forgers Perfect the Art of Deception
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can…
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Ravie LakshmananMar 26, 2026Browser Security / Vulnerability Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to…
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic…
![[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks](https://image.cybernoz.com/wp-content/uploads/2026/03/Webinar-Stop-Guessing-Learn-to-Validate-Your-Defenses-Against-Real-600x340.jpg)
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
The Hacker NewsMar 26, 2026Security Testing / Security Automation Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is…