The Hacker News

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

PhantomCore exploited three TrueConf flaws since September 2025, enabling remote access and lateral movement across Russian ...

Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining

Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy ...
The Hacker News

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.

Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack

Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a ...
Windows Report

CISA Orders Urgent Patch for Actively Exploited Windows Shell Vulnerability

CISA orders urgent patching of a Windows Shell flaw actively exploited in zero-click attacks. Federal agencies must update by ...

Incomplete fix for Fancy Bear exploit opens zero-click hole in Windows

Microsoft's partial patching in February 2026 of a zero-day vulnerability abused by Russian state-sponsored threat group ...
SecurityWeek

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

An OpenSSH vulnerability introduced 15 years ago could allow attackers to obtain full root shell access to vulnerable servers ...
Dark Reading

Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error

The emerging ransomware has been deployed in the TeamPCP supply chain attacks, but victims should think twice before paying ...

Threat actor uses Microsoft Teams to deploy new “Snow” malware

A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a ...
Opinion

China’s beachhead in the Balkans

Serbia is playing a dangerous game with the West. While the European Union and the United States are pursuing a partnership with and EU membership for Serbia, Serbia is cultivating a rapidly expanding ...
SecurityWeek

Incomplete Windows Patch Opens Door to Zero-Click Attacks

Incomplete patch for a Windows SmartScreen and Windows Shell security prompts bypass created a new bug enabling zero-click ...
TMCnet

Codezero Launches Cordon: One Command to Keep Credentials Safe Across AI Coding Agents

AI coding agents are now indispensable. Claude Code, Codex, and Hermes write code, call APIs, run commands, and automate workflows at extraordinary speed. But to do their jobs, they need credentials ...