The Hacker News

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

The Hacker News May 30, 2026

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access...

Read More Read more about PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

The Hacker News May 29, 2026

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI)...

Read More Read more about ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

The Hacker News May 29, 2026

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise...

Read More Read more about Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

The Hacker News May 29, 2026

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine...

Read More Read more about New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

The Hacker News May 29, 2026

Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger:...

Read More Read more about What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

The Hacker News May 29, 2026

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for...

Read More Read more about Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The Hacker News May 28, 2026

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a...

Read More Read more about Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

The Hacker News May 28, 2026

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows...

Read More Read more about Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

The Hacker News May 28, 2026

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS)...

Read More Read more about Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

The Hacker News May 28, 2026

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to...

Read More Read more about Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal