They Got In Through SonicWall. Then They Tried to Kill Every Security Tool
Summary In early February 2026, Huntress responded to an intrusion where threat actors leveraged compromised SonicWall SSLVPN credentials to gain initial access to a victim…
Latest Cybersecurity News — Page 335
View all →
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling
Sometimes people think they’ve found HTTP request smuggling, when they’re actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes…
New RFP Template for AI Usage Control and AI Governance
The Hacker NewsMar 04, 2026Artificial Intelligence / SaaS Security As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green…
Old But Gold, Dumping LSASS With Windows Error Reporting On Modern Windows 11
I. LEAD-IN As we know, after an attacker gains control of a machine on the network, the most common action they take is to…
Teenage hacker myth primed for a middle-age criminal makeover
The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update. That’s because profit-seeking career criminals — often approaching…
Windows’ original Secure Boot certificates expire in June—here’s what you need to do
The second thing to check is the “default db,” which shows whether the new Secure Boot certificates are baked into your PC’s firmware. If they…
Inside AWS Security Agent: A multi-agent architecture for automated penetration testing
AI agents have traditionally faced three core limitations: they can’t retain learned information or operate autonomously beyond short periods, and they require constant supervision. AWS…
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
Key Points Check Point Research (CPR) believes a new era of AI-generated malware has begun. VoidLink stands as the first evidently documented case of this…
AI Patch Reliability Score – Predict and Prioritize Patch Impact
What do advisory USN-7545-1 and Windows updates KB5065426, KB5063878, KB5055523, and KB5066835 have in common? Based on anonymized Qualys telemetry from 2025, they were among…
Inline Style Exfiltration: leaking data with chained CSS conditionals
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style…
A Tool That Puts EDRs And Antivirus Into A Coma State
I. STARTER Currently, in addition to merely focusing on avoiding scrutiny from EDRs (Endpoint Detection and Response) and Antivirus, the trend of using BYOVD (Bring…
Targeted advertising is also targeting malware
Among the malware attacks leveraging ads, the company pointed to Ghost Cat, Click Fix and SocGholish but there are several new techniques in the pipeline.…