HackerNex

The Hacker News

IFTTT

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

Cybersecurity researchers have discovered a set of malicious npm…

ITZ PASINDU -June 23, 2026

IFTTT

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

Direct messages sent via WhatsApp are being used to distribute m…

ITZ PASINDU -June 23, 2026

IFTTT

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of …

ITZ PASINDU -June 22, 2026

IFTTT

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

Multiple WordPress plugins from ShapedPlugin were compromised in…

ITZ PASINDU -June 22, 2026

IFTTT

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

It’s Monday again. This week’s threat list looks painfully fami…

ITZ PASINDU -June 22, 2026

IFTTT

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Canada's spy service got a judge's permission to reach i…

ITZ PASINDU -June 22, 2026

IFTTT

AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network

A new malware family is turning forgotten home routers into a di…

ITZ PASINDU -June 22, 2026

IFTTT

INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific

A new report from INTERPOL has revealed a "dramatic increas…

ITZ PASINDU -June 21, 2026

IFTTT

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw im…

ITZ PASINDU -June 20, 2026

IFTTT

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

The Gentlemen ransomware-as-a-service (RaaS) operation is active…

ITZ PASINDU -June 19, 2026

IFTTT

Forget Data Leakage: Shadow AI's Real Threat Is Access Control

The first wave of enterprise AI concern was straightforward. It …

ITZ PASINDU -June 19, 2026

IFTTT

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce has revealed that it disabled the Klue Battlecards ap…

ITZ PASINDU -June 19, 2026

IFTTT

Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone

Apple has updated its Beats Studio Buds wireless earbuds to patc…

ITZ PASINDU -June 19, 2026

IFTTT

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 has released security updates to address two critical securit…

ITZ PASINDU -June 18, 2026

IFTTT

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network

If an autonomous AI agent interacts with your company's core…

ITZ PASINDU -June 18, 2026

IFTTT

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

An independent PCI assessor tested Reflectiz against the new PCI…

ITZ PASINDU -June 18, 2026

IFTTT

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Microsoft has formally disclosed that it's working to releas…

ITZ PASINDU -June 17, 2026

IFTTT

144 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 144 npm packages associated with the Mastra namespace…

ITZ PASINDU -June 17, 2026

IFTTT

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)…

ITZ PASINDU -June 16, 2026

IFTTT

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

A flaw in the Google Cloud Vertex AI SDK for Python let an attac…

ITZ PASINDU -June 16, 2026

HackerNex

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network

INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

Forget Data Leakage: Shadow AI's Real Threat Is Access Control

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

144 Mastra npm Packages Compromised via Hijacked Contributor Account

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Pentesters: Is AI Coming for Your Role?

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins