The Hacker News

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

April 11, 2026 add comment
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions.  A new report from LayerX exposes just how deep... Read more »

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

April 10, 2026 add comment
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been... Read more »

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

April 10, 2026 add comment
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat’scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet’s targeting infrastructure. “Chaos malware is increasingly targeting misconfigured cloud deployments, expanding... Read more »

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

April 10, 2026 add comment
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8),... Read more »

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

April 9, 2026 add comment
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was... Read more »

Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

April 9, 2026 add comment
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model... Read more »

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

April 8, 2026 add comment
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices,... Read more »

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

April 7, 2026 add comment
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new... Read more »

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

April 7, 2026 add comment
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate “high-velocity” attacks and break into... Read more »

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

April 7, 2026 add comment
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score:... Read more »
Subscribe to our Newsletter