The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

April 12, 2026 add comment
Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was that... Read more »

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

April 11, 2026 add comment
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. ... Read more »

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

April 11, 2026 add comment
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions.  A new report from LayerX exposes just how deep... Read more »

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

April 10, 2026 add comment
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been... Read more »

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

April 10, 2026 add comment
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat’scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet’s targeting infrastructure. “Chaos malware is increasingly targeting misconfigured cloud deployments, expanding... Read more »

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

April 10, 2026 add comment
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8),... Read more »

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

April 9, 2026 add comment
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was... Read more »

Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

April 9, 2026 add comment
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model... Read more »

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

April 8, 2026 add comment
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices,... Read more »

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

April 7, 2026 add comment
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new... Read more »
Subscribe to our Newsletter