The Hacker News: Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to admin@thehackernews.com
-
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
by info@thehackernews.com (The Hacker News) on May 29, 2026 at 2:39 pm
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised
-
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
by info@thehackernews.com (The Hacker News) on May 29, 2026 at 11:31 am
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to
-
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
by info@thehackernews.com (The Hacker News) on May 29, 2026 at 10:30 am
Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved with it. In The Shadow Builders report (get it here), a
-
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
by info@thehackernews.com (The Hacker News) on May 29, 2026 at 9:11 am
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
-
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
by info@thehackernews.com (The Hacker News) on May 29, 2026 at 5:57 am
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged
-
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
by info@thehackernews.com (The Hacker News) on May 28, 2026 at 5:24 pm
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. "The vulnerability allows any authenticated user to achieve remote code execution (RCE) on
-
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
by info@thehackernews.com (The Hacker News) on May 28, 2026 at 3:26 pm
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints," Arctic Wolf said. "Threat actors disguised the credential stealer payload as a Fortinet endpoint
-
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
by info@thehackernews.com (The Hacker News) on May 28, 2026 at 1:53 pm
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day