Update Linux Now As 9-Year-Old Root Hack Confirmed, CISA Warns Users

The Cybersecurity and Infrastructure Security Agency has warned users to update their Linux systems following the discovery ...

ConsentFix v3 attacks target Azure with automated OAuth abuse

A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding ...
OSTechNix

Copy Fail: The 732-Byte Script That Roots Every Major Linux Systems

Copy Fail (CVE-2026-31431) is a severe logic flaw in the Linux kernel affecting every distribution since 2017. Patch your ...

The FBI confirmed Russian hackers are inside thousands of home routers

It’s not theoretical. The DOJ went to court over it. Your router may be redirecting you to fake bank login pages. Here’s what ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of ...
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...
SecurityWeek

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

The China-linked APT GopherWhisper has been using legitimate services and various Go-based backdoors in attacks.
TechCrunch

Hackers are abusing unpatched Windows security flaws to hack into organizations

Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher over the last two weeks, according to a cybersecurity firm. On ...
bankinfosecurity

Freight Hacker Wields Code-Signing Service to Evade Defenses

Many attacks that target the sector attempt to trick victims into installing malware that deploys remote management and monitoring tools, which attackers use to remotely control a victim's system and ...

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, backdoors, and ad injection.