The Hacker News

Hacker Magazines & Publications.

Get NordVPN

Stay safe with the world’s leading VPN

Official Website The Hacker News

The Hacker News Magazine is a free monthly magazine designed to spread awareness and knowledge about cyber security. Our goal is to provide the most up-to-date information on a wide variety of topics that relate to hackers and security experts worldwide. Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals.


17 July

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it. An anonymous HTTP request can run code on a WordPress (…)


17 July

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no (…)


17 July

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, (…)


17 July

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, (…)


17 July

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon (…)


17 July

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. "Any user who ran the project ended up with (…)


17 July

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability to drive other apps in the (…)


17 July

The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?

Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding (…)


17 July

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man

Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that border officers pulled him out of the departure hall (…)


17 July

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command (…)

Cyber Security News

NadMesh Uses Shodan to Find and Hijack Exposed AI and MCP Infrastructure

A sharp structural shift has been identified in the botnet landscape. Security researchers at XLab have uncovered NadMesh, a Go-based botnet that has been (…)

19 July

Linux Security

Mageia 10 9 libidn Critical Out-Of-Bounds Read CVE-2026-57053

Security update

18 July

TechNadu

Weekly Cybersecurity Roundup: Dormant Code, Record Patches, and AI on Both Sides of Security

AI Appreciation Day arrived alongside a reminder that scale does not always require automation. Dutch and Belgian police disrupted an investment fraud (…)

18 July

HackRead

“TTF Trap” Phishing Emails Use Fake Font Files to Deliver Windows Malware

An email that appears to contain a shipping document, payment request, or business proposal can infect a Windows…

17 July

Red Cross

We stand with Ukraine

The Russian government’s attack on Ukraine has put millions of innocent lives in danger. We stand with Ukraine to support their freedom and to defend democracy. If you wish to support Ukraine and its people in their time of need, please consider donating to the Red Cross.

Your data is YOUR data

Your data is YOUR data

eFoundation is a non-profit organization leading the development of Open Source mobile operating systems that respect users’ data privacy.

Signal

Signal

Speak Freely

Tor Browser

Tor Browser

Tor protects your privacy

NordVPN

Protect all your devices.

Secure, high-speed VPN