Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining

Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy ...
The Hacker News

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

Sleeper packages in Ruby and Go steal credentials and alter CI workflows, leading to persistent access and data exfiltration.
The Hacker News

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Harvester deploys Linux GoGra via Microsoft Graph API in South Asia, targeting India and Afghanistan since 2021, enabling ...
Forbes

Angry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users Warned

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
Morningstar

Orca Security Report Reveals Widespread AI Credential Leaks and Persistent Log4Shell Exposure

Orca Security, the pioneer in agentless cloud security, today released its 2026 State of Application Security Report, finding that while organizations are accelerating cloud-native development and AI ...
Yahoo Finance

Orca Security Report Reveals Widespread AI Credential Leaks and Persistent Log4Shell Exposure

PORTLAND, Ore., April 07, 2026--(BUSINESS WIRE)--Orca Security, the pioneer in agentless cloud security, today released its 2026 State of Application Security Report, finding that while organizations ...
Bleeping Computer

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. Dubbed ...
Wall Street Journal

AI Is Finding Bugs That Hackers Can Exploit. Get Ready for Bugmageddon.

The software bug was capable of crashing an operating system used by firewalls, servers and network appliances. It went undetected for over 27 years. Last month, it was caught by Mythos, the latest AI ...
Dark Reading

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on ...
CoinTelegraph

Drift Protocol says $280M exploit took 'months of deliberate preparation'

Drift Protocol said with “medium-high confidence” that the recent attack was carried out by the same actors responsible for the $58 million Radiant Capital hack in October 2024. Drift Protocol, the ...
CSO Online

Hackers exploit Vercel’s trust in AI integration

Compromised Context.ai integration let attackers inherit Vercel employee access and reach internal systems, exposing a ...
CoinDesk

Drift says $270 million exploit was a six-month North Korean intelligence operation

A six-month intelligence operation preceded the $270 million exploit of Drift Protocol and was carried out by a North Korean state-affiliated group, according to a detailed incident update published ...