The Hacker News

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

China-linked Amaranth-Dragon and Mustang Panda target Southeast Asian governments using WinRAR exploit and PlugX phishing ...
The Hacker News

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

DEAD#VAX campaign delivers AsyncRAT via IPFS-hosted VHD phishing files, using fileless memory injection and obfuscated ...
The Hacker News

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Microsoft develops a lightweight scanner that detects backdoors in open-weight LLMs using three behavioral signals, improving ...
The Hacker News

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

CISA adds an actively exploited SolarWinds Web Help Desk RCE flaw to KEV, ordering federal agencies to patch by February 2026 ...
The Hacker News

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

Early incident response decisions—evidence preservation, execution analysis, and logging visibility—determine investigation ...
The Hacker News

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.
The Hacker News

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls.
The Hacker News

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Python infostealers are spreading from Windows to macOS via Google Ads, ClickFix lures, and fake installers to steal credentials and financial data.