1016 items
Unread (2153) All Dismissed
HIGH
CVE-2026-41552 (CVSS 7.5) — PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due ...
NVD CVE-2026-41552 22d ago
HIGH
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
The Hacker News supply-chainbreachesmalware 22d ago
HIGH
CVE-2026-24899 (CVSS 7.5) — Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's...
NVD CVE-2026-24899 22d ago
HIGH
CVE-2026-6332 (CVSS 7.5) — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclo...
NVD CVE-2026-6332 22d ago
HIGH
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
The Hacker News CVE-2026-20182supply-chainbreaches +1 22d ago
INFO
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The Hacker News 22d ago
HIGH
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
The Hacker News supply-chainbreachesmalware +16 17d ago
INFO
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
rss:unit42 35d ago
INFO
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
rss:darkreading 25d ago
HIGH
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
The Hacker News 22d ago
HIGH
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
The Hacker News 19d ago
HIGH
Developer Workstations Are Now Part of the Software Supply Chain
The Hacker News 19d ago
HIGH
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
The Hacker News 19d ago
HIGH
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
The Hacker News 18d ago
INFO
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek 17d ago
INFO
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
The Hacker News 12d ago
INFO
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
The Hacker News 8d ago
INFO
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News 4d ago
INFO
Red Hat npm packages compromised to steal developer credentials
BleepingComputer 4d ago
INFO
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek 4d ago
INFO
New IronWorm malware hits 36 packages in npm supply-chain attack
BleepingComputer 2d ago
INFO
Rust-Written IronWorm Hits NPM Supply Chain
rss:darkreading 1d ago
INFO
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
The Hacker News 21h ago
HIGH
CVE-2026-42283 (CVSS 7.7) — DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3....
NVD CVE-2026-42283 22d ago
HIGH
CVE-2026-42281 (CVSS 8.6) — MagicMirror² is an open source modular smart mirror platform. Prior to 2.36.0, an unauthenticated Se...
NVD CVE-2026-42281 22d ago
HIGH
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
The Hacker News supply-chainbreachesmalware 22d ago
HIGH
Microsoft shares mitigation for YellowKey Windows zero-day
BleepingComputer breachesransomwaresupply-chain +48 17d ago
INFO
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
The Hacker News 24d ago
INFO
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
The Hacker News 24d ago
HIGH
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
The Hacker News 23d ago
INFO
Zero-Day Exploit Against Windows BitLocker
rss:schneier 19d ago
INFO
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
The Hacker News 18d ago
INFO
The New Phishing Click: How OAuth Consent Bypasses MFA
The Hacker News 18d ago
INFO
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
SecurityWeek 18d ago
HIGH
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
SecurityWeek 17d ago
INFO
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
rss:darkreading 17d ago
HIGH
Cybercrime service disrupted for abusing Microsoft platform to sign malware
BleepingComputer 17d ago
INFO
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
The Hacker News 17d ago
INFO
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
The Hacker News 17d ago
INFO
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
SecurityWeek 17d ago
INFO
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
The Hacker News 16d ago
INFO
Microsoft warns of new Defender zero-days exploited in attacks
BleepingComputer 16d ago
INFO
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
SecurityWeek 16d ago
INFO
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
rss:darkreading 15d ago
INFO
FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The Record 14d ago
INFO
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
BleepingComputer 12d ago
INFO
Microsoft: Domain Controller lookup may fail on Windows Server 2016
BleepingComputer 11d ago
INFO
Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations
SecurityWeek 11d ago
INFO
Microsoft Defender can now automatically isolate hacked endpoints
BleepingComputer 11d ago
INFO
Microsoft Issues Out-of-Band SharePoint Patch
rss:darkreading 10d ago
INFO
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
The Hacker News 10d ago
INFO
Windows 11 KB5089573 update released with performance improvements
BleepingComputer 10d ago
INFO
Microsoft fixes KB5089549 Windows security update install issues
BleepingComputer 5d ago
INFO
Microsoft confirms outage affecting MFA, My Sign-Ins platform
BleepingComputer 5d ago
INFO
Microsoft fixes outage affecting MFA setup, MySignIn service
BleepingComputer 5d ago
INFO
Microsoft says it will not pursue security researchers after zero-day backlash
The Record 5d ago
INFO
Microsoft investigates Office Apps, Teams file access issues
BleepingComputer 5d ago
INFO
Microsoft's Zero-Day Legal Threats Spark Backlash
rss:darkreading 4d ago
INFO
Microsoft Threatening Security Researcher
rss:schneier 4d ago
INFO
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
SecurityWeek 4d ago
INFO
Microsoft Exchange Online outage causes email delays, failures
BleepingComputer 3d ago
INFO
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
rss:darkreading 3d ago
INFO
Microsoft's Coreutils project brings Linux commands to Windows
BleepingComputer 3d ago
INFO
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
The Hacker News 3d ago
INFO
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
SecurityWeek 3d ago
INFO
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
The Hacker News 3d ago
INFO
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
The Hacker News 3d ago
INFO
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
rss:darkreading 2d ago
INFO
VS Code Vulnerability Allows One-Click GitHub Token Theft
SecurityWeek 2d ago
INFO
Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process
The Record 2d ago
INFO
Microsoft blames unexpected Windows driver updates on caching issue
BleepingComputer 2d ago
INFO
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The Hacker News 1d ago
INFO
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
The Hacker News 1d ago
INFO
Chinese APT deploys new malware to keep access to hacked networks
BleepingComputer 21h ago
INFO
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
The Hacker News 8h ago
HIGH
CVE-2026-44439 (CVSS 7.5) — PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCa...
NVD CVE-2026-44439 23d ago
HIGH
CVE-2026-45033 (CVSS 7.8) — GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.4...
NVD CVE-2026-45033 23d ago
HIGH
CVE-2026-44470 (CVSS 7.8) — The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple s...
NVD CVE-2026-44470 23d ago
HIGH
CVE-2026-44295 (CVSS 8.7) — protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static cod...
NVD CVE-2026-44295 23d ago
HIGH
CVE-2026-42290 (CVSS 7.8) — protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JS...
NVD CVE-2026-42290 23d ago
HIGH
CVE-2026-39806 (CVSS 7.5) — Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauth...
NVD CVE-2026-39806 24d ago
HIGH
CVE-2026-39803 (CVSS 7.5) — Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthen...
NVD CVE-2026-39803 24d ago
HIGH
CVE-2024-47091 (CVSS 7.8) — Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2....
NVD CVE-2024-47091 24d ago
HIGH
CVE-2026-44301 (CVSS 8.1) — Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses No...
NVD CVE-2026-44301 24d ago
HIGH
CVE-2026-42844 (CVSS 8.8) — Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user wit...
NVD CVE-2026-42844 24d ago
HIGH
CVE-2026-34653 (CVSS 8.7) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34653 24d ago
HIGH
CVE-2026-34652 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34652 24d ago
HIGH
CVE-2026-34651 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34651 24d ago
HIGH
CVE-2026-34650 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34650 24d ago
HIGH
CVE-2026-34649 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34649 24d ago
HIGH
CVE-2026-34648 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34648 24d ago
HIGH
CVE-2026-34647 (CVSS 7.4) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34647 24d ago
HIGH
CVE-2026-34646 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34646 24d ago
HIGH
CVE-2026-34645 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34645 24d ago
HIGH
CVE-2026-44166 (CVSS 7.6) — Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situati...
NVD CVE-2026-44166 24d ago
HIGH
CVE-2026-42831 (CVSS 7.8) — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local...
NVD CVE-2026-42831 24d ago
HIGH
CVE-2026-40420 (CVSS 8.8) — Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate pr...
NVD CVE-2026-40420 24d ago
HIGH
CVE-2026-40419 (CVSS 7.8) — Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
NVD CVE-2026-40419 24d ago
HIGH
CVE-2026-40418 (CVSS 7.8) — Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges ...
NVD CVE-2026-40418 24d ago
HIGH
CVE-2026-40417 (CVSS 7.8) — Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges...
NVD CVE-2026-40417 24d ago
HIGH
CVE-2026-40367 (CVSS 8.4) — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co...
NVD CVE-2026-40367 24d ago
HIGH
CVE-2026-40366 (CVSS 8.4) — Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
NVD CVE-2026-40366 24d ago
HIGH
CVE-2026-40364 (CVSS 8.4) — Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una...
NVD CVE-2026-40364 24d ago
HIGH
CVE-2026-40363 (CVSS 8.4) — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local...
NVD CVE-2026-40363 24d ago
HIGH
CVE-2026-40362 (CVSS 7.8) — Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code...
NVD CVE-2026-40362 24d ago
HIGH
CVE-2026-40361 (CVSS 8.4) — Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
NVD CVE-2026-40361 24d ago
HIGH
CVE-2026-40360 (CVSS 7.8) — Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information...
NVD CVE-2026-40360 24d ago
HIGH
CVE-2026-40359 (CVSS 7.8) — Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
NVD CVE-2026-40359 24d ago
HIGH
CVE-2026-40358 (CVSS 8.4) — Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
NVD CVE-2026-40358 24d ago
HIGH
CVE-2026-35438 (CVSS 8.3) — Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges ov...
NVD CVE-2026-35438 24d ago
HIGH
CVE-2026-35436 (CVSS 8.8) — Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized att...
NVD CVE-2026-35436 24d ago
HIGH
CVE-2026-32687 (CVSS 7.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD CVE-2026-32687 25d ago
HIGH
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
The Hacker News supply-chainbreachesmalware +3 25d ago
INFO
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
rss:darkreading 29d ago
INFO
GitHub Confirms Hack Impacting 3,800 Internal Repositories
SecurityWeek 17d ago
INFO
The Hackers Behind Shai-Hulud: Lucky or Skilled?
rss:darkreading 10d ago
HIGH
CVE-2026-7790 (CVSS 0) — Uncontrolled Resource Consumption vulnerability in ninenines cowlib (cow_http_te module) allows Exce...
NVD CVE-2026-7790 25d ago
HIGH
CVE-2026-42349 (CVSS 8.1) — Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect...
NVD CVE-2026-42349 25d ago
HIGH The Hacker News Thu, 14 May 2026 17:45:20 UTC
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
https://thehackernews.com/2026/05/cisco-catalyst-sd-wan-controller-auth.html
TL;DR
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisco Ca
CVE-2026-20182supply-chainbreachesmalwarezero-day
Read full story ↗
Related coverage (1)
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The Hacker News 22d ago