Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks

A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ...
The Hacker News

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

Sleeper packages in Ruby and Go steal credentials and alter CI workflows, leading to persistent access and data exfiltration.
SecurityWeek

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems ...

The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of ...
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
Dark Reading

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on ...
Forbes

Angry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users Warned

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
Morningstar

Orca Security Report Reveals Widespread AI Credential Leaks and Persistent Log4Shell Exposure

Orca Security, the pioneer in agentless cloud security, today released its 2026 State of Application Security Report, finding that while organizations are accelerating cloud-native development and AI ...
New York Post

Google issues 2nd security warning in days over Chrome browser attacks

It’s a case of search-engine failure. Google has issued a security alert to Chrome users after confirming that cybercriminals had exploited a vulnerable system, marking the second such advisory in ...
Crowdfund Insider

DeFi Hack : Solana based Drift Protocol Hit by Record $285M Exploit

Solana-based perpetual futures exchange Drift Protocol fell victim to a large-scale security breach on April 1, 2026. On-chain monitoring firms reported that attackers siphoned roughly $285 million in ...
CoinDesk

North Koreans hackers likely behind $286 million Drift Protocol exploit: Elliptic

Elliptic said Thursday the $285 million Drift Protocol exploit, the largest this year, carries “multiple indicators” of North Korea’s state-sponsored DPRK hacker group involvement. The research firm ...
TechRepublic

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to ‘DarkSword’ Exploit

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to ‘DarkSword’ Exploit Your email has been sent In a rare move, Apple is rewriting its own security playbook to stop a fast-spreading ...