75 articles

#The Hacker News

All CosmicBytez Labs articles tagged #The Hacker News, across news, security advisories, how-to guides, and projects.

  • News · Jun 2, 2026

    Pakistan-Linked SideCopy APT Targets Afghanistan Finance Ministry with Xeno RAT

    Researchers have uncovered a spear-phishing campaign by the Pakistan-aligned SideCopy APT group targeting Afghanistan's Ministry of Finance with the open-source Xeno RAT remote access trojan delivered via malicious ZIP archives.

  • News · Jun 1, 2026

    China-Aligned Groups Ramp Up Attacks: Operation Dragon Weave Hits Czech Republic and Taiwan

    Security researchers at Seqrite Labs have uncovered Operation Dragon Weave, a new China-aligned cyber espionage campaign targeting government, research, academic, and financial organizations in the Czech Republic and Taiwan using the AdaptixC2 post-exploitation framework.

  • News · Jun 1, 2026

    OpenAI Codex Authentication Tokens Stolen via codexui-android npm Supply Chain Attack

    Cybersecurity researchers have uncovered a malicious npm package named codexui-android that targets developers using OpenAI Codex by masquerading as a legitimate remote web UI tool, silently exfiltrating authentication tokens to attacker-controlled servers via postinstall hooks.

  • News · May 28, 2026

    Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

    Rapid7 discloses a critical CVSS 9.4 RCE in Gogs, the popular self-hosted Git service, letting any authenticated user run arbitrary code on the server.

  • News · May 28, 2026

    Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

    Microsoft condemns uncoordinated public zero-day disclosure, urging the security community to adopt CVD after removing a researcher's GitHub account.

  • News · May 25, 2026

    TrapDoor Supply Chain Attack Spreads Credential-Stealing

    A coordinated cross-ecosystem supply chain attack campaign dubbed TrapDoor has compromised 34 packages across 384+ versions on npm, PyPI, and Crates.io.

  • News · May 25, 2026

    Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets

    This week's security roundup covers Linux privilege escalation zero-days, actively exploited Windows Defender vulnerabilities, router botnets hijacking DNS.

  • News · May 23, 2026

    Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely

    Anthropic has disclosed that Project Glasswing — its AI-powered vulnerability research initiative using the Claude Mythos system — has uncovered more than...

  • News · May 23, 2026

    Laravel-Lang PHP Packages Compromised to Deliver

    Multiple PHP packages belonging to the Laravel-Lang organization have been poisoned in a software supply chain attack, delivering a cross-platform...

  • News · May 22, 2026

    First VPN Dismantled in Global Takedown Over Use by 25

    International authorities have disrupted a criminal VPN service called First VPN that was used by more than 25 ransomware groups to conceal network...

  • News · May 22, 2026

    Microsoft Warns of Two Actively Exploited Defender

    Microsoft has disclosed two Windows Defender vulnerabilities under active exploitation in the wild, including CVE-2026-41091 — a privilege escalation flaw...

  • News · May 22, 2026

    ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI

    This week's threat intelligence bulletin covers Linux rootkit campaigns, an actively exploited router zero-day, AI-assisted intrusions, new scam kit...

  • News · May 19, 2026

    Mini Shai-Hulud Pushes Malicious AntV npm Packages via

    Cybersecurity researchers have discovered a fresh Mini Shai-Hulud supply chain attack compromising the @antv npm ecosystem through a hijacked maintainer...

  • News · May 19, 2026

    Popular GitHub Action Tags Redirected to Imposter Commit to

    Threat actors have compromised the widely-used actions-cool/issues-helper GitHub Action, redirecting every existing tag to a malicious imposter commit...

  • News · May 19, 2026

    SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE

    Critical security vulnerabilities in SEPPMail Secure E-Mail Gateway — an enterprise email security appliance — could allow attackers to achieve remote...

  • News · May 19, 2026

    Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid

    Researchers at HUMAN Security uncovered Trapdoor, a sophisticated Android ad fraud and malvertising operation that used 455 malicious apps and 183...

  • News · May 18, 2026

    Developer Workstations Are Now Part of the Software Supply

    Supply chain attackers are no longer just targeting repositories and CI/CD pipelines — they're going after the developer workstations that hold the keys...

  • News · May 18, 2026

    Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL

    A coordinated wave of critical security patches landed this week from Ivanti, Fortinet, SAP, VMware, and n8n. Topping the list is CVE-2026-8043 in Ivanti...

  • News · May 18, 2026

    Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco

    This week's cybersecurity landscape opened with a critical Microsoft Exchange spoofing zero-day under active exploitation, a coordinated npm/PyPI supply...

  • News · May 14, 2026

    ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI

    This week's threat roundup covers an actively exploited PAN-OS RCE granting root access, Anthropic's Mythos AI finding a cURL memory safety bug, AI...

  • News · May 10, 2026

    Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation

    Ivanti has disclosed a high-severity improper input validation vulnerability in Endpoint Manager Mobile (EPMM) that is being actively exploited in the...

  • News · May 10, 2026

    PAN-OS RCE Exploit Under Active Use Enabling Root Access

    Palo Alto Networks has disclosed that CVE-2026-0300, a critical CVSS 9.3 buffer overflow in the PAN-OS User-ID Authentication service, is being actively...

  • News · May 10, 2026

    ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days

    This week's ThreatsDay threat roundup covers Microsoft Edge storing passwords in plaintext, industrial control system zero-days under active exploitation,...

  • News · May 9, 2026

    Fake Call History Apps Stole Payments From Users After 7.3

    Cybersecurity researchers discovered 28 fraudulent Android apps on Google Play claiming to offer call history lookups, which instead enrolled users in...

  • News · May 3, 2026

    CISA Adds Actively Exploited Linux Root Access Bug

    The U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2026-31431, a Linux kernel privilege escalation flaw enabling root access, to its...

  • News · Apr 29, 2026

    CISA Adds Actively Exploited ConnectWise and Windows Flaws

    CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — CVE-2024-1708 affecting ConnectWise ScreenConnect...

  • News · Apr 29, 2026

    SAP-Related npm Packages Compromised in Credential-Stealing

    Security researchers have uncovered a coordinated supply chain attack campaign dubbed 'mini Shai-H' targeting SAP-related npm packages, injecting...

  • News · Apr 29, 2026

    VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB

    Threat hunters warn that VECT 2.0 ransomware contains a critical flaw in its encryption implementation that acts more like a wiper for files over 131KB...

  • News · Apr 27, 2026

    Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive

    Researchers at Infoblox and Confiant have uncovered a dual-threat fraud operation active since 2020: fake CAPTCHA pages secretly send up to 50...

  • News · Apr 26, 2026

    Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain

    The popular Bitwarden CLI password manager package @bitwarden/cli@2026.4.0 was compromised as part of an ongoing Checkmarx supply chain campaign, with...

  • News · Apr 26, 2026

    China-Linked GopherWhisper Infects 12 Mongolian Government

    A previously undocumented China-aligned APT group tracked as GopherWhisper has targeted Mongolian governmental institutions, deploying a wide array of...

  • News · Apr 26, 2026

    LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of

    A high-severity SSRF vulnerability in LMDeploy, a widely used open-source LLM deployment toolkit, was actively exploited in the wild less than 13 hours...

  • News · Apr 26, 2026

    ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse

    This week's ThreatsDay Bulletin covers the $290M KelpDAO DeFi hack tied to Lazarus Group, new macOS living-off-the-land attack techniques, ProxySmart SIM...

  • News · Apr 25, 2026

    FIRESTARTER Backdoor Hit Federal Cisco Firepower Device

    CISA and the UK's NCSC have revealed that a US federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025...

  • News · Apr 20, 2026

    Anthropic MCP Design Vulnerability Enables RCE, Threatening

    Cybersecurity researchers have discovered a critical by-design weakness in the Model Context Protocol architecture that enables arbitrary command...

  • News · Apr 20, 2026

    Researchers Detect ZionSiphon Malware Targeting Israeli

    Cybersecurity researchers at Darktrace have identified ZionSiphon, a new malware specifically designed to target Israeli water treatment and desalination...

  • News · Apr 20, 2026

    SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious

    A critical CVSS 9.8 command injection vulnerability in the SGLang AI inference framework allows attackers to achieve remote code execution by supplying a...

  • News · Apr 20, 2026

    Vercel Breach Tied to Context AI Hack Exposes Limited

    Vercel's security breach originated from the compromise of Context.ai, a third-party AI tool used by a company employee, allowing attackers to gain...

  • News · Apr 20, 2026

    Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New

    This week's cybersecurity recap covers the Vercel supply chain breach via a compromised AI tool, push fraud campaigns, attackers abusing QEMU virtual...

  • News · Apr 18, 2026

    Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack

    Threat actors are deploying the Nexcorium Mirai botnet variant by exploiting CVE-2024-3721 in TBK DVR devices and targeting end-of-life TP-Link Wi-Fi...

  • News · Apr 9, 2026

    Adobe Reader Zero-Day Exploited via Malicious PDFs Since

    Threat actors have been exploiting an unpatched zero-day in Adobe Reader since at least November 2025, using specially crafted PDFs to fingerprint victims...

  • News · Apr 9, 2026

    EngageLab SDK Flaw Exposed 50M Android Users, Including 30M

    A now-patched security vulnerability in the widely used EngageLab Android SDK allowed apps on the same device to bypass the Android security sandbox and...

  • News · Apr 9, 2026

    ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache

    This week's ThreatsDay Bulletin from The Hacker News covers 20 active threats including a hybrid P2P DDoS botnet, a 13-year-old Apache ActiveMQ RCE flaw...

  • News · Apr 8, 2026

    Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws

    Anthropic's new Project Glasswing initiative uses a preview of its frontier model Claude Mythos to autonomously discover thousands of previously unknown...

  • News · Apr 8, 2026

    APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine

    Russian state-sponsored threat actor APT28 (Forest Blizzard / Pawn Storm) has launched a targeted spear-phishing campaign deploying a newly documented...

  • News · Apr 7, 2026

    China-Linked Storm-1175 Chains Zero-Days for High-Velocity

    A China-based threat cluster designated Storm-1175 has been linked to high-velocity ransomware attacks deploying Medusa payloads using chained zero-day...

  • News · Apr 7, 2026

    The Hidden Cost of Recurring Credential Incidents

    IBM's 2025 Cost of a Data Breach Report puts the average breach at $4.4 million — but that headline figure understates the true damage when credential...

  • News · Apr 6, 2026

    BKA Identifies REvil Leaders Behind 130 German Ransomware

    Germany's Federal Criminal Police Office has publicly unmasked the real identity of "UNKN," the primary operator behind the now-defunct REvil and GandCrab...

  • News · Apr 6, 2026

    How LiteLLM Turned Developer Machines Into Credential

    The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...

  • News · Apr 6, 2026

    Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits

    This week's biggest cybersecurity stories: a North Korean supply chain attack hit the Axios npm package, a new Chrome zero-day under active exploitation,...

  • News · Apr 5, 2026

    $285 Million Drift Hack Traced to Six-Month DPRK Social

    Drift has confirmed the April 1, 2026, theft of $285 million resulted from a meticulously planned six-month North Korean social engineering operation that...

  • News · Apr 5, 2026

    36 Malicious npm Packages Exploited Redis, PostgreSQL to

    Cybersecurity researchers discovered 36 malicious npm packages disguised as Strapi CMS plugins that abused Redis and PostgreSQL connections to harvest...

  • News · Apr 4, 2026

    Microsoft Details Cookie-Controlled PHP Web Shells

    Microsoft Defender researchers have documented a stealthy PHP web shell technique that uses HTTP cookies as a covert command-and-control channel on Linux...

  • News · Apr 4, 2026

    UNC1069 Social Engineering of Axios Maintainer Led to npm

    The North Korean threat actor UNC1069 used a sophisticated, targeted social engineering campaign against the Axios npm package maintainer Jason Saayman to...

  • News · Apr 2, 2026

    Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts

    A large-scale credential harvesting campaign has been observed exploiting the React2Shell vulnerability (CVE-2025-55182) as an initial infection vector,...

  • News · Apr 2, 2026

    The State of Trusted Open Source Report: Key Findings for

    Chainguard's first-ever State of Trusted Open Source report reveals critical insights into open source consumption patterns across container images,...

  • News · Apr 1, 2026

    CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to

    Ukraine's Computer Emergency Response Team (CERT-UA) has disclosed a large-scale phishing campaign in which threat actor UAC-0255 impersonated the agency...

  • News · Apr 1, 2026

    Claude Code Source Leaked via npm Packaging Error

    Anthropic confirmed that internal source code for its Claude Code AI coding assistant was accidentally published to npm due to a human packaging error. No...

  • News · Apr 1, 2026

    New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation

    Google has released a Chrome security update patching 21 vulnerabilities including a high-severity use-after-free zero-day in the Dawn graphics engine...

  • News · Mar 30, 2026

    DeepLoad Malware Uses ClickFix and WMI Persistence to Steal

    Researchers have identified DeepLoad, a previously undocumented malware loader that combines ClickFix social engineering with WMI-based persistence to...

  • News · Mar 28, 2026

    Bearlyfy Hits Russian Firms with Custom GenieLocker

    Pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian companies since January 2025, recently deploying a custom...

  • News · Mar 28, 2026

    CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM

    CISA has added CVE-2025-53521, a critical vulnerability in F5 BIG-IP Access Policy Manager, to its Known Exploited Vulnerabilities catalog after...

  • News · Mar 28, 2026

    Citrix NetScaler CVE-2026-3055 (CVSS 9.3) Under Active

    Security researchers at Defused Cyber and watchTowr have detected active reconnaissance targeting CVE-2026-3055, a critical CVSS 9.3 memory overread flaw...

  • News · Mar 28, 2026

    Iran-Linked Hackers Breach FBI Director's Personal Email

    Iran's Handala Hack Team breached the personal email of FBI Director Kash Patel, leaking photos and documents online, while simultaneously launching a...

  • News · Mar 28, 2026

    TA446 Deploys DarkSword iOS Exploit Kit in Targeted

    Proofpoint has attributed a targeted email campaign to Russian state-sponsored threat actor TA446, which is leveraging the recently disclosed DarkSword...

  • News · Mar 28, 2026

    TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides

    The TeamPCP threat actor — behind previous supply chain attacks on Trivy, KICS, and litellm — has now compromised the telnyx Python package on PyPI,...

  • News · Mar 26, 2026

    WebRTC Skimmer Bypasses CSP to Steal Payment Data from

    Cybersecurity researchers have uncovered a sophisticated new payment skimmer that weaponises WebRTC data channels to exfiltrate stolen credit card data...

  • News · Mar 25, 2026

    LeakBase Admin Arrested in Russia Over Massive Stolen

    Russian law enforcement has arrested the alleged administrator of LeakBase — a credential marketplace operating since 2021 with 142,000 members and...

  • News · Mar 23, 2026

    Trivy Hack Spreads Infostealer via Docker, Triggers Worm

    The Trivy supply chain attack has expanded dramatically beyond GitHub Actions: malicious Docker Hub images (versions 0.69.4–0.69.6) carry an infostealer,...

  • News · Mar 23, 2026

    Weekly Recap: CI/CD Backdoor, FBI Buys Location Data

    This week's cybersecurity roundup covers supply chain attacks hitting CI/CD pipelines, long-running IoT botnets finally disrupted, the FBI's warrantless...

  • News · Mar 20, 2026

    Trivy Security Scanner GitHub Actions Breached — 75 Tags

    Trivy, Aqua Security's widely used open-source vulnerability scanner, was compromised a second time in a month. Attackers hijacked 75 GitHub Actions tags...

  • News · Mar 16, 2026

    GlassWorm ForceMemo: Stolen GitHub Tokens Used to Poison

    The GlassWorm threat actor has launched a new sub-campaign called ForceMemo, using stolen GitHub tokens to silently force-push malware into hundreds of...

  • News · Mar 16, 2026

    Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach

    This week's cybersecurity roundup covers the actively exploited Chrome zero-day CVE-2026-2441, the Aisuru router botnet record DDoS attack, a supply chain...

  • News · Mar 14, 2026

    GlassWorm Escalates: 72 Malicious Open VSX Extensions Use

    The GlassWorm self-propagating worm campaign has compromised 72 Open VSX extensions using invisible Unicode Private Use Area characters and a Solana...

  • News · Feb 6, 2026

    DKnife: China-Linked AitM Framework Hijacks Router Traffic

    Cisco Talos uncovers a seven-component Linux framework called DKnife that compromises routers to intercept credentials, replace downloads with trojans,...