The Hacker News

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

The Hacker News June 17, 2026

For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder...

Read More Read more about Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

The Top 10 Attack Surface Exposures in 2026

The Top 10 Attack Surface Exposures in 2026

The Hacker News June 17, 2026

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused...

Read More Read more about The Top 10 Attack Surface Exposures in 2026

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

The Hacker News June 17, 2026

Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less...

Read More Read more about Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

144 Mastra npm Packages Compromised via Hijacked Contributor Account

144 Mastra npm Packages Compromised via Hijacked Contributor Account

The Hacker News June 17, 2026

As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and...

Read More Read more about 144 Mastra npm Packages Compromised via Hijacked Contributor Account

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The Hacker News June 16, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget...

Read More Read more about CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

The Hacker News June 16, 2026

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access...

Read More Read more about Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

The Hacker News June 16, 2026

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum...

Read More Read more about ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

The Hacker News June 16, 2026

Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency...

Read More Read more about New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive

The Hacker News June 16, 2026

Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds,...

Read More Read more about Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

The Hacker News June 16, 2026

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In...

Read More Read more about Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week