The Hacker News

Today’s signal The Hacker News recently reported AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites. Published context: May 27, 2026. Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. “This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defen The reason this matters is simple: buyers are paying attention to speed, operational resilience, and credible technical execution. A trending story can create awareness, but the business question is what a team should do with that attention. ...

Today’s signal The Hacker News recently reported Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels. Published context: May 29, 2026. The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. “Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fak ...

Today’s signal The Hacker News recently reported GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure. Published context: May 27, 2026. CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. “Since at least early 2025, GlassWorm operators have systematically The reason this matters is simple: buyers are paying attention to speed, operational resilience, and credible technical execution. A trending story can create awareness, but the business question is what a team should do with that attention. ...

Today’s signal The Hacker News recently reported CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks. Published context: May 26, 2026. The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to safeguard against potential threats stemming from threat actors’ abuse of artificial intelligence (AI) tools and large language mode ...

Today’s signal The Hacker News recently reported The Alert Firehose Finally Meets Its Match. Published context: May 25, 2026. Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear “Noisy,” “Too much data.” But ask the teams running NDR that includes agentic AI capabilities and you’ll hear they’re actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because reputations are ...

Today’s signal The Hacker News recently reported TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO. Published context: May 25, 2026. A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecos ...

Today’s signal The Hacker News recently reported npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks. Published context: May 23, 2026. GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authe ...

Today’s signal The Hacker News recently reported Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials. Published context: May 19, 2026. In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. “Every existing tag in the repository has been moved to point to an imposter commit that does not appear i ...

Today’s signal The Hacker News recently reported MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems. Published context: May 18, 2026. Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts “cldflt.sys,” which refers to the Wind ...

Today’s signal The Hacker News recently reported Developer Workstations Are Now Part of the Software Supply Chain. Published context: May 18, 2026. Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud crede ...

Today’s signal The Hacker News recently reported Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise. Published context: May 8, 2026. A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. “QLNX targets developers and DevOps credentia ...

Today’s signal The Hacker News recently reported DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware. Published context: May 5, 2026. A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. “These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers Igor Kuzne ...