-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Vulnerability | Breaking Cybersecurity News | The Hacker News

Category — Vulnerability
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

Jul 14, 2026 Vulnerability / Network Security
Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo's security team, which discovered and reported the flaws, said one "leaks the broker's confidential OAuth secret to an unauthenticated attacker in a single request, a direct path to full broker takeover in the configurations that use that secret." The second vulnerability allows any logged-in user to silently read other tenants' data. Both shortcomings are said to have been present in the codebase since early 2024, impacting RabbitMQ release lines from 3.13.0 and later. They have been addressed in versions 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15. There is no evidence of active exploitation of either of the vulnerabilities prior to the public disclosure. A brief description ...
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

Jul 14, 2026 Endpoint Security / Linux
Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware," ESET researcher Martin Smolár said in a report published today. The UEFI shim bootloaders expose any UEFI-based machine that trusts Microsoft's " Microsoft Corporation UEFI CA 2011 " third-party UEFI certificate authority (CA) certificate, irrespective of the installed operating system. The certificate is used to sign third-party boot components intended to run under Secure Boot. It expired as of June 27, 2026, and has been replaced by Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023. The shim is a lightweight, open-source UEFI bootloader that acts as an ...
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

Jul 14, 2026 Network Security / Cyber Espionage
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service ( 1VPNS ), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian administrator, Dmytro Rashevskyi. The department has also sanctioned Yegeniy Vladimirovich Silayev, a Belarusian national, for selling cryptors to help conceal ransomware and other malware as safe programs to avoid being detected by security tools. First VPN was dismantled in May 2026 as part of a joint law enforcement operation by European and North American authorities for assisting criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The service had been operational since 2014, advertising that it neither keeps...
cyber security

The AI Security Starter Pack

websiteWizAI Security / Cloud Security
Unlock 7 of the most widely used AI security resources in one place. Each asset provides practical tools for securing AI apps, models, and agents.
cyber security

11 real-world stories proving how identity drift opens active attack paths

websiteXM CyberIdentity Security / Exposure Management
Learn how attackers leverage privilege drift to reach critical assets across 11 architectural teardowns.
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

Jul 13, 2026 Cybersecurity / Hacking
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don't file tickets. That's the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue too long. Fake installers, poisoned packages, systems left facing the open internet, and helpful little AI assistants running instructions that were never yours. The gap between "patch exists" and "already exploited" keeps shrinking, and nobody's closing it. None of it is exotic. That's what wears you down. Same ordinary mistakes, just happening faster than we can keep up. Here's the full mess, top to bottom. ⚡ Threat of the Week Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers — Progress urged customers to shut down Win...
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

Jul 13, 2026 Vulnerability / Web Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities ( KEV ) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below - CVE-2026-48939 - A vulnerability in the iCagenda extension for Joomla that allows the upload of arbitrary files via the file attachment feature, leading to PHP code upload and execution. CVE-2026-56291 - A vulnerability in the Balbooa Forms extension for Joomla that allows the upload of arbitrary files, leading to remote code execution. According to mySites.guru, a cloud-based dashboard service for managing WordPress and Joomla websites, CVE-2026-48939 is said to have been exploited as a zero-day since June 15, 2026, in automated attacks aimed at Joomla sites on which iCagenda is installed. It resides in the "Submit an...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources