HackerNex

The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has released security updates to address a critical secur…

ITZ PASINDU -March 21, 2026

The Hacker News

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)…

ITZ PASINDU -March 21, 2026

The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

The threat actors behind the supply chain attack targeting the p…

ITZ PASINDU -March 21, 2026

The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by…

ITZ PASINDU -March 20, 2026

The Hacker News

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Cybersecurity researchers have flagged a new malware dubbed Spea…

ITZ PASINDU -March 19, 2026

The Hacker News

54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security

A new analysis of endpoint detection and response (EDR) killers …

ITZ PASINDU -March 19, 2026

The Hacker News

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have disclosed a new Android malware f…

ITZ PASINDU -March 19, 2026

The Hacker News

How Ceros Gives Security Teams Visibility and Control in Claude Code

Security teams have spent years building identity and access con…

ITZ PASINDU -March 19, 2026

The Hacker News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

A new exploit kit for Apple iOS devices designed to steal sensit…

ITZ PASINDU -March 19, 2026

The Hacker News

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)…

ITZ PASINDU -March 19, 2026

The Hacker News

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

A high-severity security flaw affecting default installations of…

ITZ PASINDU -March 18, 2026

The Hacker News

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Apple on Tuesday released its first round of Background Security…

ITZ PASINDU -March 18, 2026

The Hacker News

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

Cybersecurity researchers have disclosed a critical security fla…

ITZ PASINDU -March 17, 2026

The Hacker News

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method…

ITZ PASINDU -March 17, 2026

The Hacker News

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

A majority of security leaders are struggling to defend AI syste…

ITZ PASINDU -March 17, 2026

The Hacker News

Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

North Korean threat actors have been observed sending phishing t…

ITZ PASINDU -March 17, 2026

The Hacker News

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)…

ITZ PASINDU -March 16, 2026

The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing …

ITZ PASINDU -March 16, 2026

The Hacker News

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Three different ClickFix campaigns have been found to act as a d…

ITZ PASINDU -March 16, 2026

The Hacker News

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign …

ITZ PASINDU -March 16, 2026

HackerNex

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

How Ceros Gives Security Teams Visibility and Control in Claude Code

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Pentesters: Is AI Coming for Your Role?

⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks