News
What Changes When Your Software Supply Chain Includes AI Writing Your Code?
2+ hour, 29+ min ago (378+ words) Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody…...
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities
4+ hour, 41+ min ago (789+ words) A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U. S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in…...
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
6+ hour, 30+ min ago (269+ words) Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can…...
Beyond Trust Patches Critical Auth Bypass Flaws in Remote Support and PRA
8+ hour, 20+ min ago (257+ words) Beyond Trust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below…...
Contagious Interview " Latest News, Reports & Analysis
1+ day, 8+ min ago (82+ words) The Hacker News Contagious Interview | Breaking Cybersecurity News | The Hacker News North Korean Hackers Publish 108 Malicious Packages and Extensions in Polin Rider Campaign AI-Speed Attacks Are Forcing a Rethink of Incident Response Breach Transparency Remains Cybersecurity's Toughest Governance Problem Beyond…...
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
19+ hour, 19+ min ago (374+ words) An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors,…...
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
20+ hour, 22+ min ago (358+ words) Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9. 8), a vulnerability that stems from the Dev Ops platform trusting the…...
" Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake Po C Malware and More
1+ day, 29+ min ago (251+ words) A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became…...
How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
1+ day, 2+ hour ago (378+ words) Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy…...
Skill Cloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
1+ day, 7+ hour ago (1089+ words) Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a'new study'from researchers at the Hong Kong University of Science and Technology. Their strongest…...