The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

The Hacker News April 29, 2026

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency...

Read More Read more about New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

The Hacker News April 29, 2026

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using...

Read More Read more about Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

The Hacker News April 29, 2026

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities...

Read More Read more about What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

The Hacker News April 29, 2026

cPanel has released security updates to address a security issue impacting various authentication paths that could allow...

Read More Read more about Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

The Hacker News April 29, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect...

Read More Read more about CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

The Hacker News April 28, 2026

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical...

Read More Read more about LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

The Hacker News April 28, 2026

Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that...

Read More Read more about Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

The Hacker News April 28, 2026

A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign...

Read More Read more about Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

The Hacker News April 28, 2026

Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper...

Read More Read more about VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About

The Hacker News April 28, 2026

Every security program is betting on the same assumption: once a system is connected, the problem is...

Read More Read more about Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About