Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems.… Read More »PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code… Read More »vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying… Read More »Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a “false… Read More »MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner… Read More »Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?
For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a… Read More »The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of… Read More »Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. “This new public ledger ensures the Google apps on your device… Read More »Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has… Read More »Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. “These installers are distributed from the… Read More »DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware