-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Day Zero Readiness: The Operational Gaps That Break Incident Response

Day Zero Readiness: The Operational Gaps That Break Incident Response

May 07, 2026 Incident Response / Identity Management
Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do.  That distinction matters far more than many organizations realize. In the first hours of a security incident, attackers are not waiting for your identity team to provision emergency accounts, for legal to decide whether an outside firm can access sensitive systems, or for someone to figure out who owns the EDR console. Every delay gives the attacker more uninterrupted time in your environment. Every hour lost to logistics increases the likelihood of deeper compromise, broader impact, and more expensive recovery.  The same is true internally. An organization may have an incident response plan, a capable security team, and a list of escalation contacts, yet still be unprepared to respond under p...
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

May 07, 2026 Malware / Threat Intelligence
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called  ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky  said . "Unlike traditional malware, ZiChatBot does not communicate with a dedicated command-and-control (C2) server, but instead uses a series of REST APIs from the public team chat app Zulip as its C2 infrastructure." The activity has been described as a "carefully planned and executed PyPI supply chain attack" by the Russian cybersecurity company. The names of the packages, which have since been taken down, are listed below - uuid32-utils (1,479 downloads) colorinal (614 downloads) termncolor (387 downloads) All three packages were uploaded to PyPI during a short wi...
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

May 07, 2026 Vulnerability / Software Security
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host environment. The security flaws are listed below - CVE-2026-24118 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "__lookupGetter__" and permits an attacker to run arbitrary code on the underlying host. (Affects versions <= 3.10.4, patches in 3.11.0) CVE-2026-24120 (CVSS score: 9.8) - A patch bypass for CVE-2023-37466 (CVSS score: 9.8) that could allow attackers to escape the sandbox through the species property of promise objects and execute arbitrary commands on the underlying host. (Affects versions <= 3.10.3, patched in 3.10.5) CVE-2026-24781 (CVSS ...
cyber security

The AI Security Starter Pack

websiteWizAI Security / Cloud Security
Unlock 7 of the most widely used AI security resources in one place. Each asset provides practical tools for securing AI apps, models, and agents.
cyber security

11 real-world stories proving how identity drift opens active attack paths

websiteXM CyberIdentity Security / Exposure Management
Learn how attackers leverage privilege drift to reach critical assets across 11 architectural teardowns.
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

May 06, 2026 IoT Security / Malware
Cybersecurity researchers have exposed a new Mirai -derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge ( ADB ) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted server at the IP address "176.65.139[.]44" without requiring any authentication. The malware supports "21 flood variants across TCP, UDP, and raw protocols, including RakNet and OpenVPN-shaped UDP, capable of bypassing consumer-grade DDoS protection," Hunt.io said, adding it's offered as a DDoS-for-hire service designed for targeting game servers and Minecraft hosts. What makes xlabs_v1 notable is that it seeks out Android devices running an exposed ADB service on TCP port 5555, meaning any gear that comes with the tool enabled by default, such as Android TV boxes,...
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

May 06, 2026 Ransomware / Cybercrime
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social engineering techniques via Microsoft Teams to initiate the infection sequence. Although the incident initially appeared to be consistent with a ransomware-as-a-service (RaaS) group operating under the Chaos brand, evidence points to it being a targeted state-backed attack that masquerades as opportunistic extortion. "The campaign was characterized by a high-touch social engineering phase conducted via Microsoft Teams , where the attackers utilized interactive screen-sharing to harvest credentials and manipulate multi-factor authentication (MFA)," Rapid7 said in a report shared with The Hacker News. "Once inside, the group bypassed traditional ransomware workflows, for...
The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open

The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open

May 06, 2026 Security Leadership / Industry Recognition
For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and security products that keep hunting threats 24/7 — even when it’s hard. Most of the time, this work is invisible. When everything goes perfectly, nothing happens. The world just stays safe, and no one notices. Today, we want the world to notice. Introducing the CyberStars Awards 2026 We are launching the  Cybersecurity Stars Awards 2026 , a global program that recognizes excellence across the cybersecurity industry and highlights outstanding work that often goes unnoticed. Submissions are now open, and companies, products, and professionals can apply via the official awards portal: https://awards.thehackernews.com/ We don’t just want to report the news anymore. We want to recognize t...
Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?

Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?

May 06, 2026 Compliance / Data Security
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide for Guardian Agents , available complimentary from Orchid Security. The challenge is not simply one of tooling. It is a structural gap in how identity has been managed over the past decades. Traditional identity and access management were designed for human users to log in and out of systems. AI agents operate differently — they run continuously, span multiple applications, acquire permissions opportunistically, and generate activity at machine speed. The result is yet another form of what Orchid Security calls "identity dark matter": an invisible and unmanaged layer of identity activity op...
⚡ Top Stories This Week
Expert Insights Articles Videos
Cybersecurity Resources