The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

March 19, 2026 add comment
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches... Read more »

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

March 19, 2026 add comment
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score:... Read more »

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

March 18, 2026 add comment
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are... Read more »

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

March 17, 2026 add comment
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities... Read more »

Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026

March 17, 2026 add comment
Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. “If you have chats that are impacted by this change,... Read more »

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

March 16, 2026 add comment
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. “Unlike traditional exploit-based attacks, this method... Read more »

Why Security Validation Is Becoming Agentic

March 16, 2026 add comment
If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest engagement, or maybe an... Read more »

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware

March 16, 2026 add comment
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit... Read more »

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

March 15, 2026 add comment
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a “significant escalation” in how it propagates through the Open VSX registry. “Instead of... Read more »

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

March 13, 2026 add comment
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. “The campaign redirects users... Read more »
Subscribe to our Newsletter