The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI permission model can be misused by taking advantage of the service agent 's excessive permission scoping by default. "A misconfigured or compromised agent can become a 'double agent' that appears to serve its intended purpose, while secretly exfiltrating sensitive data, compromising infrastructure, and creating backdoors into an organization's most critical systems," Unit 42 researcher Ofir Shaty said in a report shared with The Hacker News. Specifically, the cybersecurity company found that the Per-Project, Per-Product Service Agent ( P4SA ) associated with a deployed AI agent ...

The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challenge of the new era of digital warfare: the weaponization of Artificial Intelligence. Threat actors, from nation-states to sophisticated criminal enterprises, are no longer just attacking. They are automating the entire kill chain. In this AI arms race, traditional defensive strategies are no longer sufficient. Periodic point-in-time assessments, manual triage, and human-speed response were already under pressure in fast-moving environments. Against AI-enabled adversaries, they are increasingly inadequate. Solutions like PlexTrac are built to help organizations move beyond fragmented findings, disconnected tools, and slow manual workflows by unifying exposure management, remediation, and...

Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT . "The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating brands including Surfshark VPN, Signal, Telegram, Zoom, Microsoft Teams, and others," Germany-based cybersecurity company Hexastrike said in a report published last week. The activity has been attributed to a Chinese cybercrime group called Silver Fox , which is also tracked as SwimSnake, The Great Thief of Valley (or Valley Thief), UTG-Q-1000, and Void Arachne. The discovery of AtlasCross RAT represents an evolution of the threat actor's arsenal from Gh0st RAT derivatives like ValleyRAT (aka Winos 4.0), Gh0stCringe, and HoldingHands RAT (aka Gh0stBins). The attack chains i...

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to inject " plain-crypto-js " version 4.2.1 as a fake dependency. According to StepSecurity, the two versions were published using the compromised npm credentials of the primary Axios maintainer ("jasonsaayman"), allowing the attackers to bypass the project's GitHub Actions CI/CD pipeline. "Its sole purpose is to execute a postinstall script that acts as a cross-platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux," security researcher Ashish Kurmi said . "The dropper contacts a live command and control server and delivers platform-specific second-stage payloads. After execution, the malware deletes itself and replaces its own...

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content," the cybersecurity company said in a report published today. "A backdoored GPT could abuse the same weakness to obtain access to user data without the user's awareness or consent." Following responsible disclosure, OpenAI addressed the issue on February 20, 2026. There is no evidence that the issue was ever exploited in a malicious context. While ChatGPT is built with various guardrails to prevent unauthorized data sharing or generate direct outbound network requests , the newly discovered vulnerability bypasses these safeguards entirely by exploiting a side channel originating from the Linux runtime ...

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad . "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked," ReliaQuest researchers Thassanai McCabe and Andrew Currie said in a report shared with The Hacker News. The starting point of the attack chain is a ClickFix lure that tricks users into running PowerShell commands by pasting the command into the Windows Run dialog under the pretext of addressing a non-existent issue. This, in turn, uses "mshta.exe," a legitimate Windows utility to download and run an obfuscated PowerShell loader. The loader, for its part, has been found to conceal its actual functionality among meaningless variable assignments, likely in an attempt to deceive security tools. It's ass...

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring until you see what it connects to. All of it below. Let's go. ⚡ Threat of the Week Citrix Flaw Comes Under Active Exploitation — A critical security flaw in Citrix NetScaler ADC and NetScaler Gateway (CVE-2026-3055, CVSS score: 9.3) has come under active exploitation as of March 27, 2026. The vulnerability refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per Citrix, successful exploitation of the flaw hinges on the appliance being configured as a SAML Identity Provider (SAML IDP)...

What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary escalations, and improve how the entire SOC responds under pressure.  Here are three process fixes that can help unlock stronger Tier 1 performance. Process #1: Replace Tool Switching with One Cross-Platform Investigation Workflow The problem: Tier 1 often loses time moving between different tools, interfaces, and processes to investigate suspicious activity across operating systems. What starts as one alert can quickly turn into a fragmented workflow. Why it hurts productivity: Constant tool switching slows down triage, breaks investigation focus, and makes it harder to build a clear picture of what is happening. It also increases the chance of missed...

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables" to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling via Fast Reverse Proxy (FRP). "The executables provide encrypted payload loading, credential harvesting via a polished Windows Hello phishing UI, keylogging, RDP session hijacking, and reverse proxy tunneling through FRP," Censys security researcher Andrew Northern said . The attack surface management platform said it recovered CTRL from an open directory at 146.19.213[.]155 in February 2026. Attack chains distributing the toolkit rely on a weaponized LNK file ("Private Key #kfxm7p9q_yek.lnk") with a folder icon to trick users into double-clicking it. This tri...

Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year's findings reveal three core trends: AI has fundamentally reshaped how and where credentials leak, internal systems are far more exposed than most organizations realize, and remediation continues to be the industry's Achilles heel. Here are nine strategic takeaways that matter. 1. Secrets are growing faster than the developer population Since 2021, leaked secrets have grown 152%, while GitHub's public developer base expanded 98%. More developers and more AI-assisted code generation mean more credentials in circulation, and detection alone can't keep pace. 2. AI services drove 81% more leaks year over year ...

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD , EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL RAT , PoshRAT , TrackBak Stealer, RawCookie, Hypnosis Loader, and FluffyGh0st . The activity has been attributed to the following clusters - June - August 2025: Mustang Panda (aka Stately Taurus).  March - September 2025: CL-STA-1048, which overlaps with clusters publicly documented under the monikers Earth Estries and Crimson Palace . April and August 2025 - CL-STA-1049, which overlaps with a publicly documented cluster known as Unfading Sea Haze . Activity timeline "These activity clusters overlap with publicly reported campaigns aimed at establishing persistent ...

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team , which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement shared with Reuters, the FBI confirmed Patel's emails had been targeted, and noted necessary steps have been taken to "mitigate ​potential risks associated with this activity." The agency also said the published data was "historical in nature and involves no government information." The leak includes emails from ​2010 and 2019 allegedly sent by Patel. Handala Hack is assessed to be a pro-Iranian, pro-Palestinian hacktivist persona adopted by Iran's Ministry of Intelligence and Security ( MOIS ). It's tracked by the cybersecurity community under the m...