The Hacker News

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

The Hacker News May 7, 2026

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to...

Read More Read more about PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

The Hacker News May 6, 2026

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited...

Read More Read more about vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

The Hacker News May 6, 2026

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running...

Read More Read more about Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

The Hacker News May 6, 2026

The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been...

Read More Read more about MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open

The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open

The Hacker News May 6, 2026

For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace —...

Read More Read more about The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open

Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?

Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?

The Hacker News May 6, 2026

Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than...

Read More Read more about Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?

Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks

Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks

The Hacker News May 6, 2026

Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply...

Read More Read more about Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

The Hacker News May 6, 2026

Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access...

Read More Read more about Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

The Hacker News May 6, 2026

Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS...

Read More Read more about Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Hacker News May 5, 2026

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP...

Read More Read more about Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE