The Hacker News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come ...
The Hacker News

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Grafana disclosed an unauthorized party accessed its GitHub environment and downloaded its codebase via a token.
The Hacker News

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

CISA added CVE-2026-20182, a CVSS 10.0 Cisco Catalyst SD-WAN Controller authentication bypass flaw, to its KEV catalog.
The Hacker News

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft’s new MDASH AI system found 16 Windows vulnerabilities fixed in this month’s Patch Tuesday, including 2 RCE flaws ...
The Hacker News

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more ...
The Hacker News

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...
The Hacker News

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

OpenAI launched Daybreak with GPT-5.5-Cyber tools as AI accelerates vulnerability discovery and exploit timelines.
The Hacker News

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Turla turns Kazuar into a 3-module P2P botnet, enabling stealthy C2, resilient tasking, and persistent access.
The Hacker News

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Instructure paid a ransom after hackers stole 275 million Canvas records, reducing risks of wider extortion and leaks.
The Hacker News

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...
The Hacker News

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Apple released iOS 26.5 with E2EE RCS messaging, enabling secure cross-platform chats between iPhone and Android users.
The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.