The Hacker News

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

The Hacker News May 25, 2026

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use...

Read More Read more about Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

The Hacker News May 24, 2026

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute...

Read More Read more about TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

The Hacker News May 23, 2026

GitHub has rolled out new controls for npm to improve the security of the software supply chain,...

Read More Read more about npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

The Hacker News May 23, 2026

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed...

Read More Read more about Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News May 23, 2026

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities...

Read More Read more about Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

The Hacker News May 23, 2026

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages...

Read More Read more about Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

The Hacker News May 23, 2026

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The...

Read More Read more about LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The Hacker News May 23, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting...

Read More Read more about Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

The Hacker News May 22, 2026

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN)...

Read More Read more about First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Hacker News May 22, 2026

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has...

Read More Read more about Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware