The Hacker News

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Google links Turla to STOCKSTAY, a new .NET backdoor used in phishing attacks against Ukraine government and military targets ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
The Hacker News

Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff

Citizen Lab says Russian authorities used Cellebrite UFED on Andrey Pivovarov’s seized iPhone after Cellebrite’s 2021 Russia ...
The Hacker News

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

Symantec and Carbon Black link Mistic backdoor attacks to KongTuke, using ClickFix lures and in-memory execution for stealthy ...
The Hacker News

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

Mandiant says CVE-2026-20245 was exploited as a Cisco SD-WAN zero-day to escalate admin access to root on a provider network.
The Hacker News

Surviving the Mythos Era: Richard Bejtlich on the Case for NDR

Corelight’s NDR Essentials explains how network evidence helps analysts validate alerts, hunt threats, and disrupt attacks.
The Hacker News

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...
The Hacker News

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
The Hacker News

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

Kaspersky says attackers are using fake WhatsApp document attachments to run VBScript malware and install ManageEngine RMM ...
The Hacker News

DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering

DoJ seized HuiOne cloud infrastructure as Treasury sanctioned Prince Group-linked entities over crypto fraud and money ...
The Hacker News

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

Federal agencies must shift to post-quantum cryptography by 2030 and digital signatures by 2031 under a new Trump order.