The Hacker News

Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?

AI agents outpace IAM governance as 50% identity activity stays unseen, increasing enterprise security and compliance risks.
The Hacker News

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

CloudZ RAT exploits Phone Link since Jan 2026, stealing credentials and OTPs via Pheno plugin, bypassing 2FA protections.
The Hacker News

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

"A buffer overflow vulnerability in the User-ID Authentication Portal (aka Captive Portal) service of Palo Alto Networks ...
The Hacker News

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP ...
The Hacker News

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

DAEMON Tools supply chain attack since April 8, 2026 infects signed installers, enabling targeted malware delivery globally.
The Hacker News

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

UAT-8302 targets governments since 2024 using shared China-linked malware, enabling persistent access and cross-group cyber ...
The Hacker News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.
The Hacker News

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.