TheHackerNews

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

Ravie LakshmananMay 01, 2026Malware / Threat Intelligence A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute…

May 1, 2026 Cybernoz 3 min read

TheHackerNews

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

Ravie LakshmananMay 01, 2026 Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of…

May 1, 2026 Cybernoz 3 min read

TheHackerNews

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

Ravie LakshmananMay 01, 2026Supply Chain Attack / Malware A new software supply chain attack campaign has been observed using sleeper packages as a conduit to…

May 1, 2026 Cybernoz 2 min read

TheHackerNews

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could…

May 1, 2026 Cybernoz 4 min read

TheHackerNews

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Ravie LakshmananApr 30, 2026Cloud Security / Threat Intelligence Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities…

May 1, 2026 Cybernoz 3 min read

TheHackerNews

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Ravie LakshmananApr 30, 2026Supply Chain Attack / Malware In yet another software supply chain attack, threat actors have managed to compromise the popular Python package…

April 30, 2026 Cybernoz 3 min read

TheHackerNews

New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

Ravie LakshmananApr 30, 2026Linux / Vulnerability Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local…

April 30, 2026 Cybernoz 2 min read

TheHackerNews

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then…

April 30, 2026 Cybernoz 6 min read

TheHackerNews

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

The Hacker NewsApr 29, 2026Artificial Intelligence / Exposure Validation In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now…

April 30, 2026 Cybernoz 2 min read

TheHackerNews

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Ravie LakshmananApr 29, 2026Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages…

April 29, 2026 Cybernoz 3 min read

TheHackerNews

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large…

April 29, 2026 Cybernoz 7 min read

TheHackerNews

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

Ravie LakshmananApr 29, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and…

April 29, 2026 Cybernoz 2 min read