Malicious packages for dYdX cryptocurrency exchange empties user wallets
Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and,…
Latest Cybersecurity News — Page 152
View all →
Explore scaling options for AWS Directory Service for Microsoft Active Directory
You can use AWS Directory Service for Microsoft Active Directory as your primary Active Directory Forest for hosting your users’ identities. Your IT teams can…
Global coalition dismantles Tycoon 2FA phishing kit
Tycoon 2FA, a major phishing kit and platform that allowed low-skilled cybercriminals to bypass multifactor authentication and conduct large-scale adversary-in-the-middle attacks, was dismantled Wednesday by…
They Got In Through SonicWall. Then They Tried to Kill Every Security Tool
Summary In early February 2026, Huntress responded to an intrusion where threat actors leveraged compromised SonicWall SSLVPN credentials to gain initial access to a victim…
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling
Sometimes people think they’ve found HTTP request smuggling, when they’re actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes…
New RFP Template for AI Usage Control and AI Governance
The Hacker NewsMar 04, 2026Artificial Intelligence / SaaS Security As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green…
Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11
I. LEAD-IN As we know, after an attacker gains control of a machine on the network, the most common action they take is to…
Teenage hacker myth primed for a middle-age criminal makeover
The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update. That’s because profit-seeking career criminals — often approaching…
Windows’ original Secure Boot certificates expire in June—here’s what you need to do
The second thing to check is the “default db,” which shows whether the new Secure Boot certificates are baked into your PC’s firmware. If they…
Inside AWS Security Agent: A multi-agent architecture for automated penetration testing
AI agents have traditionally faced three core limitations: they can’t retain learned information or operate autonomously beyond short periods, and they require constant supervision. AWS…
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
Key Points Check Point Research (CPR) believes a new era of AI-generated malware has begun. VoidLink stands as the first evidently documented case of this…
AI Patch Reliability Score – Predict and Prioritize Patch Impact
What do advisory USN-7545-1 and Windows updates KB5065426, KB5063878, KB5055523, and KB5066835 have in common? Based on anonymized Qualys telemetry from 2025, they were among…