The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

April 22, 2026 add comment
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The... Read more »

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

April 22, 2026 add comment
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O’Lakes, Florida,... Read more »

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

April 22, 2026 add comment
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager,... Read more »

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

April 22, 2026 add comment
Cybersecurity researchers have discovered a vulnerability in Google’s agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity’s permitted... Read more »

5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

April 21, 2026 add comment
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service... Read more »

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

April 19, 2026 add comment
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it’s suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.... Read more »

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

April 19, 2026 add comment
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate... Read more »

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

April 18, 2026 add comment
Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li,... Read more »

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

April 18, 2026 add comment
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over... Read more »

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

April 18, 2026 add comment
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which... Read more »
Subscribe to our Newsletter