The Hacker News • 23rd April 2026

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system.
"Sandbox escape vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal," according to a description of the flaw in CVE.org.

Developed by Cohere AI as an open-source project, Terrarium is...

The Hacker News • 23rd April 2026

Toxic Combinations: When Cross-App Permissions Stack into Risk

On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.
The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys shared between agents, stored in the same unencrypted table as the tokens needed to hijack the agent itself.
This is the shape...

The Hacker News • 23rd April 2026

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.
"The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses," the Symantec and Carbon Black Threat Hunter Team said in a report shared with The Hacker News.
The cybersecurity company said it identified artifa...

The Hacker News • 23rd April 2026

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens.
The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an ICP canister to exfiltrate the stolen data, in a tactic reminiscent of TeamPCP's CanisterWorm to make the infrastructure resilient to takedowns....

The Hacker News • 22nd April 2026

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.
The list of vulnerabilities is as follows -
It's worth noting that CISA added CVE-2024-27198, another flaw impacting on-premise versions of JetBrains TeamCity, to the KEV catalog in March 2024. It's not known at this stage if both vulne...

The Hacker News • 22nd April 2026

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution.
The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict Mode, a restrictive security configuration that limits network access, prevents out-of-workspace writ...

The Hacker News • 22nd April 2026

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials.
Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing from prior breach databases, password spraying against exposed services, or phishing campaigns — and...

The Hacker News • 22nd April 2026

5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage. 
The root cause of slow MTTR is almost never "not enough analysts." It is almost always the same structural problem: threat intelligence that exists outside the workflow. Feeds that require manual lookup. Reports that live in a shared drive. Enrichment that happ...

The Hacker News • 22nd April 2026

22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters

Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them.
The vulnerabilities have been collectively codenamed BRIDGE:BREAK by Forescout Research Vedere Labs, which identified nearly 20,000 Serial-to-Ethernet converters exposed online globally.
"Some of these vulnerabilities allow attackers to take full control of mission-criti...

Latest Hacking News | Cyber Security News, Hacking • 21st April 2026

How to Develop a Risk Management Framework - Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses

Today’s cybersecurity landscape is at its most innovative yet complicated point. Risk leaders often face complicated data-handling realities, ranging from decentralization to ambiguous ownership. These obstacles hinder effective protection of critical assets, leaving them vulnerable to sophisticated attacks.
Establishing a robust risk management framework has become a nonnegotiable for institutions. It shifts the organization’s security posture from reactive defense to strategic oversight.
We’ve...

The Hacker News • 21st April 2026

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.
There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, andmore code kept in memory. Attackers lean on real tools and norm...

Latest Hacking News | Cyber Security News, Hacking • 20th April 2026

The Supply Chain Is the New Battlefield: How One Weak Link Compromises Entire Ecosystems - Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses

The expansion of supply chain attacks has made dark web monitoring, exposed asset monitoring, and cyber signal intelligence essential for understanding risk across interconnected environments. This aligns directly with how platforms like Lunar approach security, focusing on identifying exposed relationships, compromised access, and early external signals that indicate risk spreading across partners, vendors, and third-party services. Modern attacks unfold across ecosystems, and visibility must e...

The Hacker News • 19th April 2026

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42.
The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 digital video recording devices, to deliver a Mirai variant called Nexcorium.
"...

The Hacker News • 18th April 2026

Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals.
The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to databases containing over 3 million criminal user accounts. Authorities are also sending warning emails...

The Hacker News • 18th April 2026

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE submissions.
"CVEs that do not meet those criteria will still be listed in the NVD but will not automatically be enriched by NIST," it said. "This change is driven by a surge in CVE submissions, which...

The Hacker News • 18th April 2026

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025.
The new policy updates relate to contact and location permissions in Android, allowing third-party apps to access the contact lists and a user's location in a more privacy-friendly manner. This includes a new Contact Picker, which offers a standardized, secu...

The Hacker News • 17th April 2026

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.
The details of the vulnerabilities are below -
"A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root," Cisco said in an advisory for CVE-2026-20147, CVE-2026-20180, and CVE-2026-201...

The Hacker News • 17th April 2026

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025.
"PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections," Cisco Talos researcher Chetan Raghuprasad said in a report published today.
"PowMix embeds the encrypted heartbeat data along...

The Hacker News • 16th April 2026

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild.
Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are classified as privilege escalation, followed by 21 information disclosure, 21 remote code execution, 14 security feature bypass, 10 spoofing, and ni...

The Hacker News • 16th April 2026

Deterministic + Agentic AI: The Architecture Exposure Validation Requires

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed reported that AI is already in use across their organizations.
Security testing is inevitably part of that shift. Modern...