The Hacker News

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

April 12, 2026 add comment
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in... Read more »

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

April 12, 2026 add comment
Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was that... Read more »

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

April 12, 2026 add comment
Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was that... Read more »

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

April 11, 2026 add comment
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. ... Read more »

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

April 11, 2026 add comment
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions.  A new report from LayerX exposes just how deep... Read more »

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

April 10, 2026 add comment
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been... Read more »

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

April 10, 2026 add comment
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat’scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet’s targeting infrastructure. “Chaos malware is increasingly targeting misconfigured cloud deployments, expanding... Read more »

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

April 10, 2026 add comment
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8),... Read more »

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

April 9, 2026 add comment
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was... Read more »

Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

April 9, 2026 add comment
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model... Read more »
Subscribe to our Newsletter