A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates…
Category: The Hacker News
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. “As with many other intrusions in recent years, UNC6692 relied heavily on…
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check…
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. “The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in ‘bw1.js,’ a…
Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition…
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time…
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding…
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. “The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and…
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging…
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and…
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity,…
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes…
Toxic Combinations: When Cross-App Permissions Stack into Risk
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat…
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a…
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity.…
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. “Sandbox escape vulnerability in Terrarium allows arbitrary…
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector. “The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file…
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led…
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by…
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by…