1911 items
Unread (2158) All Dismissed
HIGH
CVE-2026-45036 (CVSS 7) — Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before...
NVD CVE-2026-45036 22d ago
HIGH
CVE-2026-45035 (CVSS 8.8) — Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby regist...
NVD CVE-2026-45035 22d ago
CRITICAL
CVE-2026-44774 (CVSS 9.9) — Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's K...
NVD CVE-2026-44774 22d ago
HIGH
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Hacker News supply-chainbreachesmalware 22d ago
HIGH
CVE-2026-46508 (CVSS 7.8) — Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.1...
NVD CVE-2026-46508 22d ago
CRITICAL
CVE-2026-45772 (CVSS 9.8) — Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to ...
NVD CVE-2026-45772 22d ago
INFO
CVE-2026-46483 (CVSS 3.6) — Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerabilit...
NVD CVE-2026-46483 22d ago
MEDIUM
CVE-2026-45736 (CVSS 4.4) — ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close()...
NVD CVE-2026-45736 22d ago
HIGH
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
The Hacker News supply-chainbreachesmalware +19 19d ago
INFO
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
rss:darkreading 26d ago
INFO
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
rss:darkreading 25d ago
INFO
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
The Hacker News 24d ago
INFO
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
The Hacker News 24d ago
INFO
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
The Hacker News 22d ago
INFO
Can Laws Stop Deepfakes? South Korea Aims to Find Out
rss:darkreading 20d ago
INFO
Processes and Culture Top Reasons Behind Data Breaches
rss:darkreading 17d ago
INFO
When Identity is the Attack Path
The Hacker News 16d ago
INFO
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The Hacker News 15d ago
INFO
Meta settles school district lawsuit claiming addictive design harmed students' mental health
The Record 15d ago
INFO
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
The Hacker News 14d ago
INFO
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
The Hacker News 12d ago
INFO
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Hacker News 11d ago
INFO
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
SecurityWeek 10d ago
INFO
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
SecurityWeek 8d ago
INFO
California AG sues 23andMe over 2023 breach exposing health data
BleepingComputer 8d ago
INFO
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
SecurityWeek 3d ago
INFO
Chrome 149 Patches 429 Vulnerabilities
SecurityWeek 1d ago
INFO
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The Record 1d ago
HIGH
CVE-2026-41552 (CVSS 7.5) — PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due ...
NVD CVE-2026-41552 22d ago
INFO
Cyber Pioneers Ponder Past as Prologue
rss:darkreading breachesmalwarethreat-actors 22d ago
INFO
CISA Adds One Known Exploited Vulnerability to Catalog
rss:cisa-advisories actively-exploitedadvisories +4 15d ago
INFO
CISA Adds One Known Exploited Vulnerability to Catalog
rss:cisa-advisories 23d ago
INFO
CISA Adds One Known Exploited Vulnerability to Catalog
rss:cisa-advisories 22d ago
INFO
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
rss:cisa-advisories 17d ago
INFO
CISA Adds Two Known Exploited Vulnerabilities to Catalog
rss:cisa-advisories 16d ago
INFO
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
The Hacker News supply-chainbreachesmalware 22d ago
HIGH
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
The Hacker News supply-chainbreachesmalware 22d ago
INFO
Microsoft Exchange Zero-Day Under Attack, No Patch Available
rss:darkreading CVE-2026-42897breachesmalware +1 19d ago
INFO
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
The Hacker News 22d ago
HIGH
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
The Hacker News CVE-2026-20182supply-chainbreaches +1 23d ago
INFO
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The Hacker News 22d ago
INFO
Taiwan Bullet Train Hack Highlights Cybersecurity Gaps in Rail Systems
rss:darkreading breachesmalwarethreat-actors 23d ago
INFO
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
rss:darkreading breachesmalwarethreat-actors 23d ago
INFO
Cisco warns of critical Unified CM flaw with PoC exploit code
BleepingComputer breachesransomwaresupply-chain +4 2d ago
INFO
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
rss:darkreading 23d ago
INFO
Cisco Patches Critical Vulnerability in Secure Workload
SecurityWeek 16d ago
INFO
Max severity Cisco Secure Workload flaw gives Site Admin privileges
BleepingComputer 16d ago
INFO
Cisco Warns of Available PoC for Critical Unified CM Vulnerability
SecurityWeek 2d ago
HIGH
CVE-2026-24899 (CVSS 7.5) — Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's...
NVD CVE-2026-24899 23d ago
CRITICAL
CVE-2026-41315 (CVSS 9.8) — mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthoriz...
NVD CVE-2026-41315 23d ago
HIGH
CVE-2026-6332 (CVSS 7.5) — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclo...
NVD CVE-2026-6332 23d ago
MEDIUM
CVE-2026-46470 (CVSS 4) — An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, ...
NVD CVE-2026-46470 23d ago
HIGH
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
The Hacker News supply-chainbreachesmalware +16 17d ago
INFO
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 36d ago
INFO
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 25d ago
HIGH
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 23d ago
HIGH
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 19d ago
HIGH
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 19d ago
HIGH
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 19d ago
HIGH
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 19d ago
INFO
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 17d ago
INFO
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 12d ago
INFO
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 8d ago
INFO
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 5d ago
INFO
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 5d ago
INFO
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 4d ago
INFO
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 2d ago
INFO
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 2d ago
INFO
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 1d ago
INFO
'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
rss:darkreading breachesmalwarethreat-actors 23d ago
HIGH
CVE-2026-42283 (CVSS 7.7) — DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3....
NVD CVE-2026-42283 23d ago
HIGH
CVE-2026-42281 (CVSS 8.6) — MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Se...
NVD CVE-2026-42281 23d ago
HIGH
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
The Hacker News supply-chainbreachesmalware 23d ago
CRITICAL
CVE-2026-44484 (CVSS 9.8) — PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 an...
NVD CVE-2026-44484 23d ago
INFO
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Hacker News supply-chainbreachesmalware 23d ago
INFO
AI Drives Cybersecurity Investments, Widening 'Valley of Death'
rss:darkreading breachesmalwarethreat-actors 23d ago
INFO
Foxconn Attack Highlights Manufacturing's Cyber Crisis
rss:darkreading breachesmalwarethreat-actors 23d ago
HIGH
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
The Hacker News supply-chainbreachesmalware +81 18d ago
INFO
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
rss:cisa-advisories 25d ago
INFO
Fuji Electric Tellus
rss:cisa-advisories 25d ago
INFO
ABB AC500 V3 Multiple Vulnerabilities
rss:cisa-advisories 25d ago
INFO
Subnet Solutions PowerSYSTEM Center
rss:cisa-advisories 25d ago
INFO
ABB Automation Builder Gateway for Windows
rss:cisa-advisories 25d ago
INFO
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
rss:cisa-advisories 25d ago
INFO
Siemens Siemens ROS#
rss:cisa-advisories 23d ago
INFO
Siemens gWAP
rss:cisa-advisories 23d ago
INFO
Siemens SIMATIC
rss:cisa-advisories 23d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 23d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 23d ago
INFO
Siemens Simcenter Femap
rss:cisa-advisories 23d ago
INFO
Universal Robots Polyscope 5
rss:cisa-advisories 23d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 23d ago
INFO
Siemens Teamcenter
rss:cisa-advisories 23d ago
INFO
Siemens Solid Edge
rss:cisa-advisories 23d ago
INFO
Siemens SENTRON 7KT PAC1261 Data Manager
rss:cisa-advisories 23d ago
INFO
Siemens Opcenter RDnL
rss:cisa-advisories 23d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories 23d ago
INFO
Siemens Industrial Devices
rss:cisa-advisories 23d ago
INFO
Siemens SIMATIC S7 PLC Web Server
rss:cisa-advisories 23d ago
INFO
Siemens SIPROTEC 5
rss:cisa-advisories 23d ago
INFO
Siemens SIMATIC
rss:cisa-advisories 23d ago
INFO
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
The Hacker News 20d ago
INFO
Kieback & Peter DDC Building Controllers
rss:cisa-advisories 18d ago
INFO
Siemens RUGGEDCOM APE1808 Devices
rss:cisa-advisories 18d ago
INFO
ABB CoreSense HM and CoreSense M10
rss:cisa-advisories 18d ago
INFO
ScadaBR
rss:cisa-advisories 18d ago
INFO
ZKTeco CCTV Cameras
rss:cisa-advisories 18d ago
INFO
CISA Exposes Secrets, Credentials in 'Private' Repo
rss:darkreading 18d ago
INFO
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
The Hacker News 18d ago
INFO
GitHub investigates internal repositories breach claimed by TeamPCP
BleepingComputer 17d ago
INFO
GitHub confirms breach of 3,800 repos via malicious VSCode extension
BleepingComputer 17d ago
INFO
Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)
rss:cisa-advisories 17d ago
INFO
Senator presses CISA for answers about alleged GitHub repository leak
The Record 17d ago
INFO
GitHub confirms being hacked by TeamPCP, says customer data unaffected
The Record 17d ago
INFO
Grafana breach caused by missed token rotation after TanStack attack
BleepingComputer 17d ago
INFO
GitHub Confirms Breach, 4K Internal Repos Stolen
rss:darkreading 17d ago
INFO
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
The Hacker News 17d ago
INFO
GitHub links repo breach to TanStack npm supply-chain attack
BleepingComputer 16d ago
INFO
ABB Terra AC Wallbox
rss:cisa-advisories 16d ago
INFO
ABB B&R Automation Studio
rss:cisa-advisories 16d ago
INFO
ABB B&R Automation Runtime
rss:cisa-advisories 16d ago
INFO
ABB B&R PCs
rss:cisa-advisories 16d ago
INFO
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
SecurityWeek 15d ago
INFO
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
The Hacker News 15d ago
INFO
CISA Security Leak
rss:schneier 15d ago
INFO
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Krebs 15d ago
INFO
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
The Hacker News 14d ago
INFO
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
The Hacker News 14d ago
INFO
Laravel Lang packages hijacked to deploy credential-stealing malware
BleepingComputer 14d ago
INFO
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
SecurityWeek 12d ago
INFO
ABB Terra AC
rss:cisa-advisories 11d ago
INFO
ABB LVS MConfig
rss:cisa-advisories 11d ago
INFO
ABB Ability Camera Connect
rss:cisa-advisories 11d ago
INFO
Eppendorf BioFlo 320
rss:cisa-advisories 11d ago
INFO
ABB AbilityTM Zenon Remote Transport Vulnerability
rss:cisa-advisories 11d ago
INFO
ABB AC500 V2
rss:cisa-advisories 11d ago
INFO
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
rss:cisa-advisories 11d ago
INFO
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
rss:darkreading 11d ago
INFO
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
The Hacker News 10d ago
INFO
ABB EIBPORT
rss:cisa-advisories 9d ago
INFO
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
rss:cisa-advisories 9d ago
INFO
ABB Busch-Welcome 2 Wire Door Opener Actuator
rss:cisa-advisories 9d ago
INFO
Fourth Frontier Frontier X Mobile Application, Frontier X2
rss:cisa-advisories 9d ago
INFO
CP Plus 8 Ch. Network Video Recorder
rss:cisa-advisories 9d ago
INFO
XCharge C6
rss:cisa-advisories 9d ago
INFO
KMW CCTV Security Cameras
rss:cisa-advisories 9d ago
INFO
MacGregor Voyage Data Recorder (VDR) G4e
rss:cisa-advisories 9d ago
INFO
Supply Chain Compromises Impact Nx Console and GitHub Repositories
rss:cisa-advisories 9d ago
INFO
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
The Hacker News 9d ago
INFO
Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more
The Record 8d ago
INFO
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
The Hacker News 5d ago
INFO
Red Hat removes tainted packages after software pipeline compromise
The Record 4d ago
INFO
VS Code zero-day lets hackers steal GitHub tokens in one click
BleepingComputer 3d ago
INFO
NAVTOR NavBox
rss:cisa-advisories 2d ago
INFO
Hitachi Energy MACH HiDraw
rss:cisa-advisories 2d ago
INFO
Hitachi Energy ITT600 Explorer
rss:cisa-advisories 2d ago
INFO
B&R PPT30 Operating System
rss:cisa-advisories 2d ago
INFO
Hitachi Energy RTU500
rss:cisa-advisories 2d ago
INFO
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
The Hacker News 2d ago
HIGH The Hacker News Mon, 18 May 2026 08:57:34 UTC
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html
TL;DR AI
Here is a 3-sentence summary for a technical security audience: Chaotic Eclipse has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day vulnerability, MiniPlasma, which grants attackers SYSTEM privileges on fully patched Windows systems, including Windows 11. The vulnerability, codenamed "cldflt.sys," impacts the Windows Cloud Files Mini Filter Driver and is still present despite Microsoft's initial patch in December 2020. The vulnerability was discovered by Chaotic Eclipse researcher James Forshaw, who found it in Google Project Zero's September 2020 report, and was initially thought to be fixed, but further investigation has confirmed that it remains unpatched.
supply-chainbreachesmalwarezero-day
Read full story ↗
Related coverage (19)
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
rss:darkreading 26d ago
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
rss:darkreading 25d ago
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
The Hacker News 24d ago
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
The Hacker News 24d ago
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
The Hacker News 22d ago
Can Laws Stop Deepfakes? South Korea Aims to Find Out
rss:darkreading 20d ago
Processes and Culture Top Reasons Behind Data Breaches
rss:darkreading 17d ago
When Identity is the Attack Path
The Hacker News 16d ago
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The Hacker News 15d ago
Meta settles school district lawsuit claiming addictive design harmed students' mental health
The Record 15d ago
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
The Hacker News 14d ago
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
The Hacker News 12d ago
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Hacker News 11d ago
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
SecurityWeek 10d ago
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
SecurityWeek 8d ago
California AG sues 23andMe over 2023 breach exposing health data
BleepingComputer 8d ago
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
SecurityWeek 3d ago
Chrome 149 Patches 429 Vulnerabilities
SecurityWeek 1d ago
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The Record 1d ago