Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded Identity Security / Data ProtectionPassword manager Dashlane has disclosed that "fewer than" 20 us... 2026-6-2 03:55:25 | 阅读: 18 | 收藏 | The Hacker News - thehackernews.com dashlane security vaults protections

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-clou... 2026-6-1 17:40:28 | 阅读: 21 | 收藏 | The Hacker News - thehackernews.com cloud github redhat client malicious

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More Monday hit like a cron job with anger issues.A busted auth path here, a repo-side faceplant there... 2026-6-1 13:59:54 | 阅读: 30 | 收藏 | The Hacker News - thehackernews.com 2026 security remote network phishing

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officia... 2026-6-1 11:54:24 | 阅读: 26 | 收藏 | The Hacker News - thehackernews.com loader c2 adaptixc2 payload malicious

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools Three years ago, the practical question for an MSP building a cybersecurity practice was which "vC... 2026-6-1 11:30:0 | 阅读: 11 | 收藏 | The Hacker News - thehackernews.com security vciso tier msp growth

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's t... 2026-6-1 09:31:15 | 阅读: 18 | 收藏 | The Hacker News - thehackernews.com codex attacker openai sentry aikido

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts Vulnerability / Website Security,Threat actors are attempting to actively exploit a critical secur... 2026-6-1 08:45:29 | 阅读: 19 | 收藏 | The Hacker News - thehackernews.com wp security wpgmp wordpress attackers

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices IoT Security / Network SecurityDutch authorities have announced the takedown of a botnet that ensl... 2026-5-31 12:22:12 | 阅读: 31 | 收藏 | The Hacker News - thehackernews.com proxies asocks malicious residential ncsc

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation Vulnerability / Network SecurityPalo Alto Networks has warned that a recently disclosed medium-sev... 2026-5-30 06:41:26 | 阅读: 31 | 收藏 | The Hacker News - thehackernews.com 2026 security palo alto

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverage... 2026-5-29 18:7:12 | 阅读: 24 | 收藏 | The Hacker News - thehackernews.com attacker security injection malicious claude

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit Vulnerability / Artificial IntelligenceAn unknown threat actor has been observed using a large l... 2026-5-29 14:39:56 | 阅读: 15 | 收藏 | The Hacker News - thehackernews.com ssh attacker database sysdig marimo

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks Cyber Espionage / Artificial IntelligenceA previously undocumented threat actor dubbed GREYVIBE ha... 2026-5-29 11:31:59 | 阅读: 27 | 收藏 | The Hacker News - thehackernews.com legionrelay greyvibe development ukrainian withsecure

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something... 2026-5-29 10:30:0 | 阅读: 26 | 收藏 | The Hacker News - thehackernews.com shadow vibe builders sanctioned sse

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# softwa... 2026-5-29 09:11:25 | 阅读: 20 | 收藏 | The Hacker News - thehackernews.com malicious sicoob opensearch vpmdhaj security

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been att... 2026-5-29 05:57:41 | 阅读: 26 | 收藏 | The Hacker News - thehackernews.com meeting security download pebbledash remote

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code Vulnerability / Open SourceA critical security vulnerability has been disclosed in Gogs, a popul... 2026-5-28 17:24:44 | 阅读: 22 | 收藏 | The Hacker News - thehackernews.com repository rebase attacker gogs security

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer Vulnerability / Endpoint SecurityThreat actors are continuing to exploit a critical, now-patched s... 2026-5-28 15:26:4 | 阅读: 18 | 收藏 | The Hacker News - thehackernews.com malicious powershell ems forticlient stealer

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal Zero Day / Vulnerability DisclosureMicrosoft has come out strongly in favor of Coordinated Vulne... 2026-5-28 13:53:52 | 阅读: 28 | 收藏 | The Hacker News - thehackernews.com 2026 microsoft disclosures security

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody... 2026-5-28 13:33:16 | 阅读: 30 | 收藏 | The Hacker News - thehackernews.com phishing security victim 2026 kali365

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users" State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enter... 2026-5-28 11:30:0 | 阅读: 19 | 收藏 | The Hacker News - thehackernews.com governance exposure copilot chatgpt