News
What Changes When Your Software Supply Chain Includes AI Writing Your Code?
1+ hour, 45+ min ago (378+ words) Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody…...
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
5+ hour, 46+ min ago (269+ words) Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can…...
Beyond Trust Patches Critical Auth Bypass Flaws in Remote Support and PRA
7+ hour, 36+ min ago (257+ words) Beyond Trust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below…...
Contagious Interview " Latest News, Reports & Analysis
23+ hour, 24+ min ago (82+ words) The Hacker News Contagious Interview | Breaking Cybersecurity News | The Hacker News North Korean Hackers Publish 108 Malicious Packages and Extensions in Polin Rider Campaign AI-Speed Attacks Are Forcing a Rethink of Incident Response Breach Transparency Remains Cybersecurity's Toughest Governance Problem Beyond…...
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
19+ hour, 38+ min ago (358+ words) Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9. 8), a vulnerability that stems from the Dev Ops platform trusting the…...
" Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake Po C Malware and More
23+ hour, 45+ min ago (251+ words) A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became…...
How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
1+ day, 1+ hour ago (378+ words) Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy…...
Skill Cloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
1+ day, 6+ hour ago (1089+ words) Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a'new study'from researchers at the Hong Kong University of Science and Technology. Their strongest…...
New Troj Pix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions
1+ day, 4+ hour ago (554+ words) Researchers at'Shandong University'have shown a fast new way to pull data off computers that are cut off from every network. The technique, called'Troj Pix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them…...
New Java-Based Quima RAT Maa S Built to Run on Windows, Linux, and mac OS
1+ day, 4+ hour ago (760+ words) Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called Quima RAT that's capable of targeting Windows, Linux, and mac OS environments. According to Level Blue, the cross-platform malware is advertised under a malware-as-a-service (Maa S) model, costing anywhere…...