Search results for python current version 2026 | Breaking Cybersecurity News | The Hacker News

Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There’s a good mix here: weird abuse of trusted stuff, quiet infrastructure ugliness, sketchy chatter, and the usual reminder that attackers will use anything that works. Scroll on. You’ll see what I mean. ⚡ Threat of the Week Google Patches 2 Actively Exploited Chrome 0-Days — Google released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The vulnerabilities related to an out-of-bounds write vulnerability in the Skia 2D graphics library (CVE-2026-3909) and an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine (CVE-2026-3910) that could result in out-of-boun...

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025 , with the attacks leveraging the "runOn: folderOpen" option to automatically trigger its execution every time any file in the project folder is opened in VS Code. "This task is configured so that it downloads data from a web application on Vercel regardless of executing OS [operating system]," NTT Security said in a report published last week. "Though we assume that the executing OS is Windows in this article, the essential behaviors are the same for any OS." The downloaded payload first checks whether Node.js is installed in the executing environment. If it's ab...

An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already present," Censys security researcher Mark Ellzey said in a report published Monday. The attack activity, at its core, systemically scans for exposed ComfyUI instances and exploits a misconfiguration that allows remote code execution on unauthenticated deployments through custom nodes . Upon successful exploitation, the compromised hosts are added to a cryptomining operation that mines Monero via XMRig and Conflux via lolMiner, as well as to a Hysteria V2 botnet. Both of them are centrally managed through a Flask-based command-and-control (C2) dashboard. Data from the at...

The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to think about exposure, response, and preparedness right now. This edition of ThreatsDay Bulletin brings those signals into one place. Scan through the roundup for quick, clear updates on what’s unfolding across the cybersecurity and hacking landscape. Privacy model hardening Google Showcases New Privacy and Security Features in Android 17 Google announced the first beta version of Android 17 , with two privacy and security enhancements: the deprecation of Cleartext Traffic Attribute and support for HPKE Hybrid Cryptography to enable secure communication using a combination of public key and symme...

It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they’re blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut “hacker stories” now looks more like a mirror of the systems we all use. This week’s findings show a pattern: precision, patience, and persuasion. The newest campaigns don’t shout for attention — they whisper through familiar interfaces, fake updates, and polished code. The danger isn’t just in what’s being exploited, but in how ordinary it all looks. ThreatsDay pulls these threads together — from corporate networks to consumer tech — revealing how quiet manipulation and automation are reshaping the threat landscape. It’s a reminder that the future of cybersecurity won’t hinge on bigger walls, but on sharper awareness. Open-source tool exploited Abuse of Nezha for Post-Exploitation Bad actors are le...

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature, or reused login tokens. These aren’t just tech issues — they’re habits being exploited. Let’s walk through the biggest updates from the week and what they mean for your security. ⚡ Threat of the Week Recently Patched Windows Flaw Comes Under Active Exploitation — A recently patched security flaw affecting Windows NTLM has been exploited by malicious actors to leak NTLM hashes or user passwords and infiltrate systems since March 19, 2025. The flaw, CVE-2025-24054 (CVSS score: 6.5), is a hash disclosure spoofing bug that was fixed by Microsoft last month as part of its Patch Tuesday updates...

The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to job scams, are rewriting what “cybercrime” looks like in practice. Across the landscape, big players are being tested, familiar threats are mutating, and smaller stories are quietly signaling bigger patterns ahead. The trend isn’t about one big breach anymore; it’s about many small openings that attackers exploit with precision. The pace of exploitation, deception, and persistence hasn’t slowed; it’s only become more calculated. Each update in this edition highlights how the line between normal operations and compromise is getting thinner by the week. Here’s a sharp look at what’s moving beneath the surface of the cybersecurity world as 2026 begin...

Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms—they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection—that’s all it takes. Staying safe isn’t just about reacting fast. It’s about catching these early signs before they blow up into real problems. That’s why this week’s updates matter. From stealthy tactics to unexpected entry points, the stories ahead reveal how quickly risk can spread—and what smart teams are doing to stay ahead. Dive in. ⚡ Threat of the Week U.S. Disrupts N. Korea IT Worker Scheme — Prosecutors said they uncovered the North Korean IT staff working at over 100 U.S. companies using fictitious or stolen identities and not only drawing salaries, but also stealing secret data and plundering virtual currency more than $900,000 in one incident targeting an unnamed blockchain company in ...