The Hacker News

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.
Tech Times

WordPress 7.0 Ships AI Agent Infrastructure: API Key Theft Risk Surfaces on Launch Day

WordPress 7.0 “Armstrong,” released May 20, 2026, arrived without the real-time collaborative editing feature that had been ...

How To Stress-Test A Staging Environment To Surface Risks Pre-Launch – Ask An SEO

Bad deployments can take weeks to recover from in search. Test your staging site the right way before pushing large scale ...
Cyber Daily

Warning! Hackers spotted exploiting poorly patched SonicWall SSL VPN appliances

Simply patching isn’t enough to prevent threat actors from exploiting SSL-VPN MFA Bypass CVE-2024-12802; here’s what you need ...
Infosecurity Magazine

Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users

A 10-month Android malware campaign has used nearly 250 fake apps to sign victims up to premium services on their mobile ...

TuxCare Delivers Post-EOL Security Support for Nuxt 3 Environments

Extends security support beyond Nuxt 3 end-of-life, helping organizations protect production Vue.js applications and ...
Tech Times

Exchange Server OWA Zero-Day CVE-2026-42897 Exploited With No Permanent Patch and New Mitigation Gaps

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...
The Tyee

When the Biggest AI Data Centre Comes to Your Town

Signed by Synapse’s CEO, Jason van Gaal, the letter introduced MacIntosh to a project that would include both an AI data ...
ITWeb

Active Microsoft Exchange zero-day leaves organisations exposed

Hackers are already exploiting a cross-site scripting flaw in Microsoft Exchange Server, leaving organisations running ...

Anthropic Buys The SDK Pipeline OpenAI And Gemini Depend On

Anthropic acquired Stainless, the SDK compiler behind OpenAI, Gemini and Llama. The deal hands one AI lab structural leverage ...
cybernews

Supply chain hit once again: single NPM account pushes 600+ compromised packages, used by millions

Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all ...