Latest Hacking News

Hacker Magazines & Publications.

Get NordVPN

Stay safe with the world’s leading VPN

Official Website Latest Hacking News

Latest Hacking News offers the latest hacking news, penetration testing tools and cyber security courses for ethical hackers, penetration testers, IT security experts and essentially anyone interested in the cyber security world.


15 July

Two Joomla Extensions Hit by Zero-Day File Upload Attacks Before Patches Landed

CISA added CVE-2026-48939 and CVE-2026-56291 to its Known Exploited Vulnerabilities catalog after automated attackers exploited file upload flaws in iCagenda and Balbooa Forms weeks before either bug had a CVE number. Two Joomla Extensions Hit by Zero-Day File Upload Attacks (…)


15 July

11 Old Signed UEFI Shims Just Broke Secure Boot on Millions of PCs

ESET found 11 Microsoft-signed UEFI shims, some over a decade old, that let attackers bypass Secure Boot without a single new exploit. 11 Old Signed UEFI Shims Just Broke Secure Boot on Millions of PCs on Latest Hacking News | Cyber Security News, Hacking Tools and (…)


10 July

How the GodDamn Ransomware Driver Bypasses Your EDR

GodDamn ransomware's PoisonX driver is a textbook EDR bypass driver: a Microsoft-signed kernel driver that kills security tools instead of exploiting them. How the GodDamn Ransomware Driver Bypasses Your EDR on Latest Hacking News | Cyber Security News, Hacking Tools and (…)


9 July

Kerberoasting Attack Explained Step by Step

A technical walkthrough of the kerberoasting attack: the Kerberos quirk it abuses, RC4 vs AES, and how to detect and fix it in Active Directory. Kerberoasting Attack Explained Step by Step on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing (…)


8 July

Adobe ColdFusion Vulnerabilities Are a Design Failure, Not Bad Luck

Adobe frames the fast exploitation of its ColdFusion vulnerabilities as an attacker speed problem. The real issue is a connector that never should have trusted an unauthenticated request. Adobe ColdFusion Vulnerabilities Are a Design Failure, Not Bad Luck on Latest Hacking (…)


7 July

Gitea Docker Vulnerability Now Under Active Probing, CVE-2026-20896

A critical flaw in Gitea's official Docker image let anyone impersonate an admin with one forged header. Sysdig spotted the first exploitation attempts 13 days after the fix shipped. Gitea Docker Vulnerability Now Under Active Probing, CVE-2026-20896 on Latest Hacking News | (…)


6 July

Inside Android’s New Lockscreen Rate-Limiting Rules

Google has replaced Android's 1,800-guess lockscreen limit with a 20-attempt hard cap. Here is how the new rate limiter works and what it means for anyone testing or managing Android devices. Inside Android's New Lockscreen Rate-Limiting Rules on Latest Hacking News | Cyber (…)


6 July

Insignary Closes SBOM Accuracy Gap With Binary-Level Clarity for Regulatory Risk

Toronto, Canada, 6th July 2026, CyberNewswire Insignary Closes SBOM Accuracy Gap With Binary-Level Clarity for Regulatory Risk on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.


4 July

CSRF Attack Explained: Mechanics, Real Exploits, and How to Test for It

A practitioner's breakdown of the CSRF attack: how the forged request works, two documented exploits, a manual test, and the fixes that hold up. CSRF Attack Explained: Mechanics, Real Exploits, and How to Test for It on Latest Hacking News | Cyber Security News, Hacking (…)


4 July

Credential Stuffing: A Defender’s Guide to Detecting Automated Login Attacks

Credential stuffing tests stolen password lists against your login form until one matches. Here is how to spot the traffic pattern and layer defences that actually hold. Credential Stuffing: A Defender's Guide to Detecting Automated Login Attacks on Latest Hacking News | (…)

Cyber Security News

New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released

A critical pre-authentication remote code execution (RCE) vulnerability dubbed “wp2shell” has been discovered in WordPress Core, putting an estimated 500 (…)

18 July

The Hacker News

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a (…)

17 July

Linux Security

Oracle Linux 10 Cockpit Image Builder Important Update ELSA-2026-24331

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

17 July

HackRead

“TTF Trap” Phishing Emails Use Fake Font Files to Deliver Windows Malware

An email that appears to contain a shipping document, payment request, or business proposal can infect a Windows…

17 July

Red Cross

We stand with Ukraine

The Russian government’s attack on Ukraine has put millions of innocent lives in danger. We stand with Ukraine to support their freedom and to defend democracy. If you wish to support Ukraine and its people in their time of need, please consider donating to the Red Cross.

Your data is YOUR data

Your data is YOUR data

eFoundation is a non-profit organization leading the development of Open Source mobile operating systems that respect users’ data privacy.

Signal

Signal

Speak Freely

Tor Browser

Tor Browser

Tor protects your privacy

NordVPN

Protect all your devices.

Secure, high-speed VPN