Endigest

About
Privacy
Terms
Contact
RSS

The Hacker News Articles | Endigest

The Hacker News Articles

The Hacker News

01 min read

Security•2026-04-23

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel discovers additional compromised customer accounts linked to a Context.ai-related security breach that exposed internal systems.

The Hacker News

01 min read

Security•2026-04-23

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

Apple has released iOS and iPadOS updates to fix a Notification Services vulnerability that unexpectedly retained deleted notifications on devices.

The Hacker News

71 min read

Security•2026-04-22

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious threat actors compromised the official Checkmarx KICS Docker repository, modifying existing tags and introducing a new version with data exfiltration capabilities.

The Hacker News

11 min read

Security•2026-04-22

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

A self-propagating supply chain worm called CanisterSprawl has compromised multiple npm packages through stolen developer tokens and credentials.

The Hacker News

01 min read

Security•2026-04-22

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

The threat actor Harvester has deployed a new Linux variant of its GoGra backdoor targeting entities in South Asia, leveraging Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel.

The Hacker News

11 min read

Security•2026-04-22

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

Kaspersky researchers discovered Lotus Wiper, a destructive data wiper malware targeting Venezuelan energy infrastructure in coordinated attacks throughout late 2025 and early 2026.

The Hacker News

01 min read

Security•2026-04-22

Toxic Combinations: When Cross-App Permissions Stack into Risk

When AI agents bridge multiple applications through OAuth or MCP connections, they create hidden permission combinations that single-app security reviews cannot detect.

The Hacker News

11 min read

Security•2026-04-22

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft releases critical security patch for ASP.NET Core vulnerability CVE-2026-40372 that allows privilege escalation through improper cryptographic signature verification.

The Hacker News

01 min read

Security•2026-04-22

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Mustang Panda has released a new variant of LOTUSLITE malware targeting Indian banks and South Korean policy entities.

The Hacker News

01 min read

Security•2026-04-22

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical vulnerability (CVE-2026-5752, CVSS 9.3) in Cohere AI's Terrarium sandbox allows root code execution via JavaScript prototype chain traversal.

The Hacker News

01 min read

Security•2026-04-21

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Security researchers discovered a SystemBC C2 server linked to The Gentlemen ransomware group that reveals 1,570+ compromised corporate networks globally.

The Hacker News

21 min read

Security•2026-04-21

22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters

BRIDGE:BREAK exposes 22 vulnerabilities in Lantronix and Silex serial-to-IP converters affecting 20,000+ devices globally.