The Hacker News

Toxic Combinations: When Cross-App Permissions Stack into Risk

Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single ...
The Hacker News

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

Lotus Wiper hit Venezuela’s energy sector in late 2025, exploiting pre-Windows 10 1803 systems, wiping drives and crippling ...
The Hacker News

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

"A regression in the Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages cause the managed authenticated ...
The Hacker News

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Updated LOTUSLITE targets India banking sector via CHM and DLL side-loading, expanding espionage campaign to South Korea and ...
The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
The Hacker News

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

Ransomware negotiator pleads guilty to aiding BlackCat in 2023; leaked victim data enabled $1.2M extortion and $10M seizure.
The Hacker News

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

BREAK flaws in Lantronix and Silex converters expose nearly 20,000 devices online, enabling takeover and data tampering.
The Hacker News

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

SystemBC C2 exposed 1,570+ victims tied to The Gentlemen since July 2025, revealing expanding ransomware scale.
The Hacker News

5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

Integrated threat intelligence reduces MTTR using data from 15,000 organizations and 600,000 analysts, limiting dwell time ...