Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Today’s signal: The Hacker News recently reported Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys. Published context: June 20, 2026. Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API ke ...

June 20, 2026 · 3 min · David Gomez

The Top 10 Attack Surface Exposures in 2026

Today’s signal: The Hacker News recently reported The Top 10 Attack Surface Exposures in 2026. Published context: June 17, 2026. Breaches don’t always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without authentication — anything internet-facing is immediately at risk. Wit ...

June 17, 2026 · 3 min · David Gomez

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Today’s signal: The Hacker News recently reported Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week. Published context: June 16, 2026. Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability ...

June 16, 2026 · 3 min · David Gomez

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Today’s signal: The Hacker News recently reported Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw. Published context: June 15, 2026. Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS softwar ...

June 15, 2026 · 3 min · David Gomez

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Today’s signal: The Hacker News recently reported Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication. Published context: June 13, 2026. Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. “In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user ...

June 14, 2026 · 3 min · David Gomez

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

Today’s signal: The Hacker News recently reported GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks. Published context: June 11, 2026. GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the “npm install” command to trigger the execution of malicious code using npm lifecycle hooks. “Npm install” is used to download a ...

June 14, 2026 · 2 min · David Gomez

Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE

Today’s signal: The Hacker News recently reported Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE. Published context: June 10, 2026. A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrar ...

June 13, 2026 · 3 min · David Gomez

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

Today’s signal: The Hacker News recently reported ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities. Published context: June 11, 2026. The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory un ...

June 12, 2026 · 3 min · David Gomez

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Today’s signal: The Hacker News recently reported Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities. Published context: June 10, 2026. Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It’s tracked as CVE-2026- ...

June 11, 2026 · 3 min · David Gomez

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now

Today’s signal: The Hacker News recently reported Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now. Published context: June 9, 2026. Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine. “Out-of-bounds read and write in V8 in Goog ...

June 10, 2026 · 3 min · David Gomez

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Today’s signal: The Hacker News recently reported IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks. Published context: June 5, 2026. Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer “scrapes every secret it can find on a developer’s machine, hides be ...

June 8, 2026 · 2 min · David Gomez

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Today’s signal: The Hacker News recently reported OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack. Published context: June 1, 2026. Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for d ...

June 1, 2026 · 2 min · David Gomez