Endigest

About
Privacy
Terms
Contact
RSS

The Hacker News Articles | Endigest

The Hacker News Articles

The Hacker News

31 min read

Security•2026-03-23

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are actively exploiting CVE-2025-32975 (CVSS 10.0), an authentication bypass flaw in Quest KACE Systems Management Appliance (SMA), to hijack administrative accounts.

The Hacker News

61 min read

Security•2026-03-21

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

The FBI and CISA warn that Russian intelligence-affiliated threat actors are conducting mass phishing campaigns targeting Signal and WhatsApp accounts of high-value individuals.

The Hacker News

41 min read

Security•2026-03-21

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has patched a critical unauthenticated remote code execution vulnerability (CVE-2026-21992) affecting Oracle Identity Manager and Web Services Manager.

The Hacker News

31 min read

Security•2026-03-21

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA added five actively exploited vulnerabilities in Apple, Craft CMS, and Laravel Livewire to its KEV catalog, requiring federal agencies to patch by April 3, 2026.

The Hacker News

31 min read

Security•2026-03-21

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

A supply chain attack on the Trivy scanner has spawned a self-propagating npm worm called CanisterWorm, affecting 47 packages across multiple scopes.

The Hacker News

71 min read

Security•2026-03-20

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, an open-source vulnerability scanner by Aqua Security, suffered a second supply chain attack where 75 GitHub Actions version tags were hijacked to deliver CI/CD secret-stealing malware.

The Hacker News

71 min read

Security•2026-03-20

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical unauthenticated remote code execution vulnerability (CVE-2026-33017, CVSS 9.3) in Langflow was actively exploited within 20 hours of public disclosure.

The Hacker News

71 min read

Security•2026-03-20

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google introduces a mandatory 24-hour waiting period for sideloading apps from unverified developers on Android to combat malware and scams.

The Hacker News

191 min read

Security•2026-03-20

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

This article examines how AI-enabled cyber attacks are outpacing traditional security models and why behavioral analytics must evolve to counter them.

The Hacker News

71 min read

Security•2026-03-20

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Sansec has disclosed a critical Magento REST API vulnerability dubbed PolyShell that allows unauthenticated attackers to upload arbitrary executables and achieve remote code execution or account takeover.

The Hacker News

71 min read

Security•2026-03-20

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

The U.S.

The Hacker News

71 min read

Security•2026-03-20

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Apple warns users of older iOS versions about active web-based attacks using the Coruna and DarkSword exploit kits that steal sensitive data.