-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

Feb 25, 2026 Vulnerability / Software Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute arbitrary commands via specially crafted HTTP requests. "Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs-in to the affected product and sends a specially crafted HTTP request," CISA said. According to the Japan Vulnerability Notes (JVN), the vulnerability affects the following versions of the file transfer product - Versions 4.2.1 to 4.2.8 Versions 5.0.0 to 5.0.10 Soliton noted in its advisory that successful exploitation of the issue is only possible when FileZen Antivirus Check Option is enabled, adding it has "received at le...
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

Feb 24, 2026 Artificial Intelligence / Cloud Security
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a GitHub issue that are automatically processed by GitHub Copilot, giving them silent control of the in-codespaces AI agent," security researcher Roi Nisimi said in a report. The vulnerability has been described as a case of passive or indirect prompt injection where a malicious instruction is embedded within data or content that's processed by the large language model (LLM), causing it to produce unintended outputs or carry out arbitrary actions. The cloud security company also called it a type of AI-mediated supply chain attack that induces the LLM to automatically execute ...
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

Feb 24, 2026 Cyber Espionage / Malware
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation . The activity, which targeted an unnamed entity involved in regional development and reconstruction initiatives, has been attributed to a cybercrime group tracked as UAC-0050 (aka DaVinci Group ). BlueVoyant has designated the name Mercenary Akula to the threat cluster. The attack was observed earlier this month. "The attack spoofed a Ukrainian judicial domain to deliver an email containing a link to a remote access payload," researchers Patrick McHale and Joshua Green said in a report shared with The Hacker News. "The target was a senior legal and policy advisor involved in procurement, a role with privileged insight into institutional operation...
cyber security

The AI Security Starter Pack

websiteWizAI Security / Cloud Security
Unlock 7 of the most widely used AI security resources in one place. Each asset provides practical tools for securing AI apps, models, and agents.
cyber security

11 real-world stories proving how identity drift opens active attack paths

websiteXM CyberIdentity Security / Exposure Management
Learn how attackers leverage privilege drift to reach critical assets across 11 architectural teardowns.
Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem

Feb 24, 2026 Identity Security / Enterprise Security
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of these can perhaps be manageable on its own. The real danger is the toxic combination, when multiple weaknesses align and attackers get a clean chain from entry to impact. A useful prioritization framework treats identity risk as contextual exposure, not configuration completeness. 1. Controls Posture: Compliance and Security As Risk Signals, Not Checkboxes Controls posture answers a simple question: If something goes wrong, will we prevent it, detect it, and prove it? In classic IAM programs, controls are assessed as “configured / not configured.” But prioritization needs more nuance: a missing control is a risk ...
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Feb 24, 2026 Threat Intelligence / Healthcare
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare organization in the U.S. Medusa is a ransomware-as-a-service (RaaS) operation launched by a cybercrime group known as Spearwing in 2023. The group has claimed more than 366 attacks to date. "Analysis of the Medusa leak site reveals attacks against four healthcare and non-profit organizations in the U.S. since the beginning of November 2025," the company said in a report shared with The Hacker News. "Victims included a non-profit in the mental health sector and an educational facility for autistic children. It is unknown if all these victims were targeted by North Korean opera...
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

Feb 24, 2026 Malware / Vulnerability
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. "The group used several unique and rare instruments of Chinese origin," researchers Alexander Badaev and Maxim Shamanov said . UnsolicitedBooker was first documented by ESET in May 2025, attributing the China-aligned threat actor to a cyber attack targeting an unnamed international organization in Saudi Arabia with a backdoor dubbed MarsSnake. The group is assessed to be active since at least March 2023 and has a history of targeting organizations in Asia, Africa, and the Middle East. Further analysis of the threat actor has uncovered tactical overlaps with two other clusters, including Space Pirates an...
Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Feb 24, 2026 Artificial Intelligence / Anthropic
Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms of service and regional access restrictions. All three companies are based in China, where the use of its services is prohibited  is prohibited due to "legal, regulatory, and security risks." Distillation refers to a technique where a less capable model is trained on the outputs generated by a stronger AI system. While distillation is a legitimate way for companies to produce smaller, cheaper versions of their own frontier models, it's illegal for competitors to leverage it to acquire such capabilities from other AI companies at a fraction of the time and cost tha...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources