All Recent Posts

The Hacker News

Day Zero Readiness: The Operational Gaps That Break Incident Response

May 9, 2026 add comment
Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer... Read more »

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

May 9, 2026 add comment
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary... Read more »
The Hacker News

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

May 8, 2026 add comment
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to... Read more »
Internet Security

RansomHouse says it breached Trellix and exposes internal systems

May 8, 2026 add comment
RansomHouse claimed responsibility for the Trellix breach, adding the security firm to its Tor data leak site and sharing screenshots of internal systems. The RansomHouse ransomware group has claimed... Read more »

ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

May 8, 2026 add comment
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen... Read more »

Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

May 8, 2026 add comment
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in... Read more »
Internet Security

Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare

May 8, 2026 add comment
Poland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected. Poland’s Internal Security Agency (ABW) has published a detailed... Read more »
Internet Security

Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident

May 8, 2026 add comment
Nearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has... Read more »

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

May 8, 2026 add comment
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality,... Read more »
Internet Security

Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild

May 8, 2026 add comment
Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in... Read more »
Subscribe to our Newsletter