-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

Jun 30, 2026 Artificial Intelligence / Supply Chain Security
New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm may fire. The work comes from Microsoft Incident Response and its Defender security research team, and it lands as companies start letting AI do more than read and summarize. What changes when an agent can act Until recently, the workplace AI risk was mostly framed around what a model read and wrote. A poisoned document could skew an answer, and that was mostly where it ended. Agents are different. Microsoft 365 Copilot can send email, create files, and change calendars. Custom agents built in Copilot Studio or Azure AI Foundry can reach into business systems and run multi-step jobs on their own. The same injection trick that biases a summary now trigger...
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

Jun 30, 2026 Botnet / Vulnerability
A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked it since February 2026, and say the real story is not how big it is today, but how fast it is changing. The end goal is a distributed denial-of-service (DDoS) attack: flooding a target with junk traffic from the infected machines until it buckles. RustDuck is one more entrant in a crowded field, but it stands out for two reasons. It is being rewritten from the C programming language into Rust, and its newer versions go to unusual lengths to avoid being studied or shut down. How it spreads RustDuck does not lean on a single clever trick. It sprays a mix of old, well-known weaknesses and hopes one sticks. The first is the oldest in the book: devices left on the internet with weak or default passwords on their rem...
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Jun 30, 2026 Vulnerability / Malware
Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI) application endpoints for obtaining initial access to enterprise networks. The attack was observed over a 19-day window between March 27 and April 15, 2026. "In this campaign, a single line of Python code evaluated inside an unauthenticated Langflow API endpoint pulls down a shell script, fetches a miner binary, and launches it detached," Trend Micro researchers Simon Dulude and John Zhang said in a technical report published last week. At a high level, the malware is designed to terminate competing cryptocurrency miner processes associated with Kinsing , WatchDog , Rocke , and Outlaw ,...
cyber security

The Systems That Power America Are Under Threat. Is Your ICS/OT Program Ready?

websiteSANS InstituteCritical infrastructure / Webinar
Discover where federal ICS programs are most exposed and what closing the skills gap requires in practice.
cyber security

Inside Device Code Phishing: Live Demos, Real Kits, and What's Next

websitePush SecurityPhishing Attack / Webinar
Device code attacks are up 37x this year, with 18+ kits in the wild. Join the research webinar on June 30th.
Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

Jun 30, 2026 Browser Security / Cryptocurrency
Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. "The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that deploy a malicious Chromium extension masquerading as a benign 'Google Notes' utility," the cybersecurity company said in a technical report shared with The Hacker News. The unsigned .NET installer, named BaseZipInstaller, is designed to retrieve a ZIP archive, which serves as a foundation for the malicious browser extension by scanning the system for Chromium-based browsers. For each detected profile in those browsers, it forcibly terminates the browser process and injects the extension by modifying the Secure Preferences and Preferences files. The end goal of the ex...
GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks

GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks

Jun 30, 2026 AI Security / Software Supply Chain
The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from  Adversa AI , which is named the bypass GuardFall , found it works against ten of the eleven popular open-source coding and computer-use agents the firm tested. Only one, "Continue," was built to defend against it. Why does it matter? These agents run shell commands with your full account access. Point one at a booby-trapped repository or software package, and a hidden instruction can quietly run a command that wipes files or steals the secrets your account can reach, from SSH keys and cloud credentials to anything sitting in your home folder. How does it get past the guard? Most of these agents try to stay safe by checking each command against a blocklist of dangerous patterns before running it. The flaw is that they check the command as plain text, while bash rewrites that t...
282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

Jun 30, 2026 API Security / Mobile Security
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no key at all. Whoever grabs it can send model requests on the developer's account, and the developer pays the bill. Three months after the researchers warned the developers, only 28% had fixed it. The work, from researchers at Wake Forest University, is the  first in-depth study of the problem on iOS . It is striking partly because of how little effort the snooping took. The team used a tool they built, LLMKeyLens , that watches an app's traffic and pulls out the credentials as they go by. No jailbreaking, no cracking the app open. The key is the secret that lets the app call a service like OpenAI or Google Gemini. Embed it in the app, and it is exposed with ev...
What the Numbers Say About FIFA 2026 Cyber Risk

What the Numbers Say About FIFA 2026 Cyber Risk

Jun 30, 2026 Phishing / Impersonation
The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors and at least ten languages. Check Point Exposure Management published the FIFA World Cup 2026 Cyber Threat Report this month, covering financial services, transportation, hospitality, and gambling. Here are three findings worth reading carefully. 1 in 3 FIFA Partners Can't Block Email Impersonation Pre-tournament research by Proofpoint found that more than one-third of official FIFA World Cup 2026 partners lack sufficient DMARC enforcement to prevent domain spoofing. That means attackers can send an email that appears to come from a sponsor, a vendor, or a logistics partner, with no technical barrier stopping it. The World Cup supply chain is enormous. Airlines, hotels, broadcast partners, merchandise contractors, an...
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

Jun 30, 2026 AI Security / Vulnerability
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer . The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated attacker could exploit to obtain a fully authenticated "Technician session by submitting a forged token containing arbitrary identity claims. "TaskWeaver is a heavily obfuscated Node.js loader, delivered as jquery.js and executed through node.exe, that implements an encrypted, reusable payload delivery channel rather than a fixed set of post exploitation commands," Blackpoint Cyber said in an analysis. "The observed second stage payload, Djinn Stealer, targets Windows, macOS, and Linux systems." Djinn Stealer is designed to harvest credentials associated with cloud...
AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks

AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks

Jun 30, 2026 Vulnerability / Wireless Security
Two researchers have found six security flaws in AirDrop and Quick Share , the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone, with no tap or prompt. The same research found Quick Share flaws that bypass Samsung's session checks and trigger a potentially exploitable crash in Google's Windows app. The two features run inside an ecosystem of more than five billion active Apple and Android devices, though the tested bugs hit specific implementations and versions. The work, laid out in a  new research paper  by Arash Ale Ebrahim and Nils Ole Tippenhauer of the CISPA Helmholtz Center for Information Security, is the first to pull both stacks apart side by side, above the radio layer, where discovery becomes session handling, parsing, and trust decisions. The fixes have alre...
New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials

New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials

Jun 30, 2026 Agent Security / Browser Security
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind  BioShocking , a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker. The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension. An AI browser is one that can act for you, not just read pages. Switch it to agent mode, and it can click, type, and reach into the sites you are already signed into. That access is the whole point, and it is also the problem. The trick works because of how these agents read. The web page and your own instructions arrive as a single stream of text. That lets a malicious page slip in commands dressed up as ordinary content or game rules, and the agent cannot reliably tell the difference. Researchers call this  indirect prompt injection . How the trick works
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

Jun 30, 2026 Vulnerability / API Security
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as  CVE-2026-8037 , carries a CVSS score of  9.8 according to ZDI . A patch is available. If you run LoadMaster with the API enabled, update now. Progress  published its advisory on June 4  and says it has not received any reports of exploitation. On June 29, researchers at watchTowr Labs published a detailed technical write-up that walks through the full exploit chain. What the Flaw Does LoadMaster is an application delivery controller and load balancer used by enterprises to manage traffic across servers. It sits at the network edge, which makes any pre-auth flaw in it especially dangerous. The vulnerability lives in a function called  escape_quotes() , which is supposed to sanitize user input before it gets passed into a shell command. The f...
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

Jun 30, 2026 Vulnerability / Enterprise Software
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments," according to a description of the flaw in the NIST National Vulnerability Database (NVD). "Successful attacks of this vulnerability can result in the takeover of Oracle Payments." The shortcoming impacts versions from 12.2.3 through 12.2.15. Patches for the flaw were shipped by Oracle as part of its Critical Security Patch Update last month. CVE-2026-46817 has since come under active exploitation, with Defused Cyber noting on Monday that "over the weekend, we observed an actor exploiting t...
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

Jun 29, 2026 Privacy / Social Media
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations will start rolling out starting today, enabling users to create and reserve a username before the feature becomes generally available later this year. "You choose your own, and it doesn't have to match your handle on any other app," the Meta-owned messaging app said in a statement shared with The Hacker News ahead of publication. "At its core, it's a privacy feature, not a social media handle – there's no directory to browse and no suggestions, so people need to know your exact username to contact you for the first time." As it goes without saying, choosing a username should be unique and can b...
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Jun 29, 2026 Browser Security / Web Security
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure. The extension was called "Search for perplexity ai" (ID flkebkiofojicogddingbdmcmkpbplcd) and used a look-alike domain, perplexity-ai[.]online, to pass for the real service at perplexity.ai. Microsoft's Defender research team  says the point was to intercept searches and collect data. It found no proof of password theft, but far more access than a search box should ever need. Once installed, the extension sets itself as the browser's default search engine. When you searched, the query went first to perplexity-ai[.]online, where the attacker's server logged it with your browser headers, IP address,...
Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

Jun 29, 2026 Artificial Intelligence / Vulnerability
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below - CVE-2026-43707 - A memory corruption issue that could result in an unexpected process crash when processing maliciously crafted web content. It was addressed with improved memory handling. CVE-2026-43716 - An unspecified issue that could result in an unexpected Safari crash when processing maliciously crafted web content. It was addressed with improved memory handling. CVE-2026-43745 - An out-of-bounds write issue that could result in an unexpected Safari crash when processing maliciously crafted web content. It was addressed with improved input validation. CVE-2026-43715 - A use-after-free issue that could result in memory corruption when processing m...
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

Jun 29, 2026 Threat Intelligence / Malware
The China-aligned espionage group  Mustang Panda  is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit  found active compromises inside Indian government networks, including machines used by senior administrative staff, and worked with  CERT-In  on notification and cleanup. The malware abuses  Zoho WorkDrive , a cloud storage platform common in India's government sector, to pass commands and exfiltrate data. That is the whole idea: the traffic looks like ordinary cloud activity, so it hides inside the network it is stealing from. Acronis names three new tools. SHARDLOADER is a loader that runs by sideloading a malicious DLL through a legitimately signed binary, a Solid PDF Creator executable in one campaign, and a Citrix Receiver binary in the other. It deploys one of two implants. MINIRECON is a rewor...
⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More

⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More

Jun 29, 2026 Cybersecurity / Hacking
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cleanup waiting. Here’s the full Monday recap. ⚡ Threat of the Week New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets — Cybersecurity researchers detailed a new variant of the Dirty Frag Linux kernel flaw. Called DirtyClone (aka CVE-2026-43503), it allows local users to gain root privileges via cloned packets. The exploit works successfully on Debian, Ubuntu, and Fedora systems with default namespace configurations. "Any local user on a server or device running a vulnerable kernel who holds or can acquire the CAP_NET_ADMIN capability (frequently obtainable via unprivileged user namespaces) [is exploitable]," JFrog said. "This poses the highest risk to multi-te...
236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

Jun 29, 2026 Cybercrime / Cryptocurrency
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App . The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonation sites, and crypto wallet drainers. A total of 236,493 distinct second-level domains have been identified by the DNS threat intelligence company. "For the last two years, there's been a dramatic scaling up of scam websites using the DCloud framework, and operators of these sites continue to launch complex real-world schemes to trick victims," Infoblox said in an exhaustive report published last week. It's being assessed that unknown threat actors are selling DCloud investment scam templates, although there are indications of centralized ownership across a significant chunk o...
Why Post-Quantum Cryptography Starts With Credentials

Why Post-Quantum Cryptography Starts With Credentials

Jun 29, 2026 Quantum Computing / Non-Human Identity
Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials captured by attackers can now be stored and decrypted as soon as quantum computing catches up. How urgent is quantum-resistant cryptography? The Global Risk Institute’s 2025 Quantum Threat Timeline report shows that surveyed security specialists believe a cryptographically relevant quantum computer is likely to be available within 15 years, with 51-70% indicating so. The threat dates back to 1994, when Peter Shor proved that a powerful quantum computer could efficiently factor large numbers and compute discrete logarithms. However, Shor’s algorithm applies to public-key cryptography, posing no meani...
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Jun 29, 2026 Cloud Security / Malware
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the year. Primary targets of these efforts include Ukrainian governmental and military institutions. "Throughout 2025, Gamaredon stayed highly active and remained focused solely on Ukraine," ESET said . "The group's ultimate goal continues to be the exfiltration of sensitive information and other critical data that could be exploited to support Russian interests in the ongoing war in Ukraine." The spear-phishing campaigns make use of archive attachments or XHTML files that employ HTML smuggling to deliver malicious HTA downloaders that are responsible for dropping additional payloads, such as PteroS...
Expert Insights Articles Videos
Cybersecurity Resources