The Hacker News

ID: fa8b6a49-416b-5e02-96d2-6e80c4becccd

STIX ID: identity--fa8b6a49-416b-5e02-96d2-6e80c4becccd

Feed Type: rss

Earliest post: 2023-12-18

Latest post: 2026-06-06

The Hacker News is a leading independent source for real-time cybersecurity news, threat intelligence, vulnerabilities, breach reports, and expert analysis.

Exclude posts that do not describe a security incident

Classification

Min Pub Date

01/01/2020

Max Pub Date

06/07/2026

Title	Date Published ↓	Describes Incident	Author	Visible
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI	2026-06-06	True	[email protected] (The Hacker News)	True
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog	2026-06-06	True	[email protected] (The Hacker News)	True
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs	2026-06-06	True	[email protected] (The Hacker News)	True
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack	2026-06-06	True	[email protected] (The Hacker News)	True
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available	2026-06-06	True	[email protected] (The Hacker News)	True
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks	2026-06-05	True	[email protected] (The Hacker News)	True
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps	2026-06-05	True	[email protected] (The Hacker News)	True
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework	2026-06-05	True	[email protected] (The Hacker News)	True
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites	2026-06-05	True	[email protected] (The Hacker News)	True
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins	2026-06-05	True	[email protected] (The Hacker News)	True
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network	2026-06-05	True	[email protected] (The Hacker News)	True
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public	2026-06-04	True	[email protected] (The Hacker News)	True
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories	2026-06-04	True	[email protected] (The Hacker News)	True
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories	2026-06-04	True	[email protected] (The Hacker News)	True
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa	2026-06-04	True	[email protected] (The Hacker News)	True
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads	2026-06-04	True	[email protected] (The Hacker News)	True
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS	2026-06-04	True	[email protected] (The Hacker News)	True
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months	2026-06-04	True	[email protected] (The Hacker News)	True
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets	2026-06-04	True	[email protected] (The Hacker News)	True
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android	2026-06-03	True	[email protected] (The Hacker News)	True
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog	2026-06-03	True	[email protected] (The Hacker News)	True
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT	2026-06-03	True	[email protected] (The Hacker News)	True
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag	2026-06-03	True	[email protected] (The Hacker News)	True
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)	2026-06-03	True	[email protected] (The Hacker News)	True
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens	2026-06-03	True	[email protected] (The Hacker News)	True
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes	2026-06-03	True	[email protected] (The Hacker News)	True
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare	2026-06-03	True	[email protected] (The Hacker News)	True
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content	2026-06-03	True	[email protected] (The Hacker News)	True
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited	2026-06-02	True	[email protected] (The Hacker News)	True
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine	2026-06-02	True	[email protected] (The Hacker News)	True
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation	2026-06-02	True	[email protected] (The Hacker News)	True
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT	2026-06-02	True	[email protected] (The Hacker News)	True
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded	2026-06-02	True	[email protected] (The Hacker News)	True
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm	2026-06-01	True	[email protected] (The Hacker News)	True
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More	2026-06-01	True	[email protected] (The Hacker News)	True
China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan	2026-06-01	True	[email protected] (The Hacker News)	True
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack	2026-06-01	True	[email protected] (The Hacker News)	True
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts	2026-06-01	True	[email protected] (The Hacker News)	True
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices	2026-05-31	True	[email protected] (The Hacker News)	True
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation	2026-05-30	True	[email protected] (The Hacker News)	True
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface	2026-05-29	True	[email protected] (The Hacker News)	True
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit	2026-05-29	True	[email protected] (The Hacker News)	True
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks	2026-05-29	True	[email protected] (The Hacker News)	True
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks	2026-05-29	True	[email protected] (The Hacker News)	True
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets	2026-05-29	True	[email protected] (The Hacker News)	True
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels	2026-05-29	True	[email protected] (The Hacker News)	True
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code	2026-05-28	True	[email protected] (The Hacker News)	True
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal	2026-05-28	True	[email protected] (The Hacker News)	True
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More	2026-05-28	True	[email protected] (The Hacker News)	True
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware	2026-05-28	True	[email protected] (The Hacker News)	True