The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

April 28, 2026 add comment
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown... Read more »

⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

April 27, 2026 add comment
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help... Read more »

Toxic Combinations: When Cross-App Permissions Stack into Risk

April 26, 2026 add comment
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent... Read more »

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

April 25, 2026 add comment
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on... Read more »

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

April 25, 2026 add comment
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its... Read more »

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

April 25, 2026 add comment
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS... Read more »

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

April 25, 2026 add comment
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse... Read more »

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

April 25, 2026 add comment
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of... Read more »

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

April 24, 2026 add comment
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its... Read more »

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

April 24, 2026 add comment
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September... Read more »
Subscribe to our Newsletter