All Recent Posts

The Hacker News

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

April 18, 2026 add comment
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which... Read more »
The Hacker News

[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data

April 18, 2026 add comment
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your... Read more »
Internet Security

Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks

April 18, 2026 add comment
A Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that... Read more »

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

April 18, 2026 add comment
A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the... Read more »
Internet Security

Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

April 18, 2026 add comment
Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher... Read more »
The Hacker News

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

April 18, 2026 add comment
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. “By... Read more »

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

April 17, 2026 add comment
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost... Read more »

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

April 17, 2026 add comment
An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000... Read more »
Internet Security

Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence

April 17, 2026 add comment
Grinex halted operations after a $13.7M hack, blaming Western intelligence. Stolen funds came from wallets of Russian users on the platform. Kyrgyz crypto exchange Grinex halted operations after a... Read more »
Security of TechRepublic

Clothing Retailer Patches Website Flaw Exposing Customer Data

April 17, 2026 add comment
A clothing retailer patched a website flaw that exposed customer data via order links, highlighting risks associated with predictable URL structures. The post Clothing Retailer Patches Website Flaw Exposing... Read more »
Subscribe to our Newsletter