Endigest

About
Privacy
Terms
Contact
RSS

The Hacker News Articles | Endigest

The Hacker News Articles

The Hacker News

21 min read

Security•2026-05-19

DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability

Proof-of-concept code for CVE-2026-31635 (DirtyDecrypt), a Linux kernel local privilege escalation vulnerability, has been released.

The Hacker News

21 min read

Security•2026-05-19

The New Phishing Click: How OAuth Consent Bypasses MFA

OAuth consent screens have become a primary phishing vector that bypasses MFA, as demonstrated by EvilTokens, which compromised 340+ Microsoft 365 organizations by harvesting refresh tokens.

The Hacker News

21 min read

Security•2026-05-19

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Drupal will release urgent core security updates on May 20, 2026, from 5-9 p.m.

The Hacker News

21 min read

Security•2026-05-19

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Seven critical vulnerabilities in SEPPMail Secure E-Mail Gateway enable remote code execution and unauthorized mail access.

The Hacker News

11 min read

Security•2026-05-19

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

A compromised Nx Console VS Code extension (v18.95.0) deployed a multi-stage credential stealer targeting developers.

The Hacker News

11 min read

Security•2026-05-19

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

GitHub Actions supply chain attack compromised popular workflow actions by redirecting all tags to malicious commits containing credential-stealing code.

The Hacker News

31 min read

Security•2026-05-19

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

A supply chain attack campaign named Mini Shai-Hulud has compromised npm packages in the @antv ecosystem through a hijacked maintainer account, distributing malicious code to hundreds of thousands of developers.

The Hacker News

11 min read

Security•2026-05-18

INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests

INTERPOL coordinated a significant cybercrime crackdown across the MENA region between October 2025 and February 2026.

The Hacker News

01 min read

Security•2026-05-18

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

Weekly security recap covers critical vulnerabilities and supply chain attacks impacting production environments.

The Hacker News

01 min read

Security•2026-05-18

How to Reduce Phishing Exposure Before It Turns into Business Disruption

Organizations use interactive sandboxes and threat intelligence to detect phishing attacks faster and reduce business exposure.

The Hacker News

11 min read

Security•2026-05-18

Developer Workstations Are Now Part of the Software Supply Chain

Developer workstations are now critical targets in software supply chain attacks, with attackers focusing on stealing credentials rather than just injecting malicious code.

The Hacker News

01 min read

Security•2026-05-18

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Multiple enterprise software vendors have released security patches for critical vulnerabilities including remote code execution, SQL injection, and privilege escalation flaws discovered in their products.