How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations –…
Category: TheHackerNews
9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
Ravie LakshmananMar 18, 2026Network Security / Vulnerability Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol)…
Getting the Threat Model Right
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious…
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November…
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Ravie LakshmananMar 20, 2026Mobile Security / Malware Apple is urging users who are still running an outdated version of iOS to update their iPhones to…
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Ravie LakshmananMar 20, 2026Web Security / Vulnerability Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to…
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Ravie LakshmananMar 21, 2026Malware / Threat Intelligence The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting…
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager…
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Ravie LakshmananMar 21, 2026Cyber Espionage / Threat Intelligence Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs)…
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Ravie LakshmananMar 21, 2026Vulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS,…
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
The Hacker NewsMar 20, 2026Artificial Intelligence / Data Protection Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry…
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize…