The Hacker News

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Three LangChain flaws enable data theft across LLM apps, affecting millions of deployments, exposing secrets and files.
The Hacker News

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...
The Hacker News

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

China-linked Red Menshen embeds BPFDoor in telecom networks since 2021, enabling stealth espionage via kernel implants.
The Hacker News

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks

Coruna reuses Triangulation kernel exploits targeting iOS 13–17.2.1 devices, expanding attacks into mass exploitation ...
The Hacker News

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

Validate your security posture with real attacker behavior using continuous, CTI-driven testing to uncover gaps and prove ...
The Hacker News

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
The Hacker News

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

AI agents executed 80–90% of espionage tasks in 2025; compromised agents bypass kill chain, enabling stealth access and data ...
The Hacker News

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

FCC bans foreign routers after security findings warn of supply chain risks and cyberattacks on infrastructure, impacting ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...
The Hacker News

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

Russian authorities arrested the alleged admin of LeakBase, a cybercrime forum operating since 2021 that enabled trading ...