News

The Hacker News
thehackernews. com > 2026 > 07 > what-changes-when-your-software-supply. html

What Changes When Your Software Supply Chain Includes AI Writing Your Code?

1+ hour, 45+ min ago  (378+ words) Software supply chain security was hard enough. Then AI joined the build pipeline. For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody…...

Symbols: btc-usd
The Hacker News
thehackernews. com > 2026 > 07 > certcc-warns-of-hidden-admin-backdoor. html

CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

5+ hour, 46+ min ago  (269+ words) Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can…...

Symbols: dlink.sh
The Hacker News
thehackernews. com > 2026 > 07 > beyondtrust-patches-critical-auth. html

Beyond Trust Patches Critical Auth Bypass Flaws in Remote Support and PRA

7+ hour, 36+ min ago  (257+ words) Beyond Trust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below…...

Symbols: cwe-78,cwe-89
The Hacker News
thehackernews. com > search > label > Contagious%20 Interview

Contagious Interview " Latest News, Reports & Analysis

23+ hour, 24+ min ago  (82+ words) The Hacker News Contagious Interview | Breaking Cybersecurity News | The Hacker News North Korean Hackers Publish 108 Malicious Packages and Extensions in Polin Rider Campaign AI-Speed Attacks Are Forcing a Rethink of Incident Response Breach Transparency Remains Cybersecurity's Toughest Governance Problem Beyond…...

Symbols: covid-19,mdr-tb
The Hacker News
thehackernews. com > 2026 > 07 > threat-actors-probe-gitea-docker-flaw. html

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

19+ hour, 38+ min ago  (358+ words) Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9. 8), a vulnerability that stems from the Dev Ops platform trusting the…...

Symbols: cwe-77
The Hacker News
thehackernews. com > 2026 > 07 > monday-recap-proxy-botnets-browser. html

" Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake Po C Malware and More

23+ hour, 45+ min ago  (251+ words) A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became…...

The Hacker News
thehackernews. com > 2026 > 07 > how-to-evaluate-ai-soc-platform-in-2026. html

How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions

1+ day, 1+ hour ago  (378+ words) Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy…...

Symbols: btc-usd,nasdaq:nvda
The Hacker News
thehackernews. com > 2026 > 07 > new-skillcloak-technique-lets-malicious. html

Skill Cloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

1+ day, 6+ hour ago  (1089+ words) Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a'new study'from researchers at the Hong Kong University of Science and Technology. Their strongest…...

Symbols: btc-usd,eth-usd,cwe-80,lloy.l,shel.l,0dp9.il
The Hacker News
thehackernews. com > 2026 > 07 > new-trojpix-attack-leaks-data-from-air. html

New Troj Pix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions

1+ day, 4+ hour ago  (554+ words) Researchers at'Shandong University'have shown a fast new way to pull data off computers that are cut off from every network. The technique, called'Troj Pix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them…...

Symbols: nyse:rtx
The Hacker News
thehackernews. com > 2026 > 07 > new-java-based-quimarat-maas-built-to. html

New Java-Based Quima RAT Maa S Built to Run on Windows, Linux, and mac OS

1+ day, 4+ hour ago  (760+ words) Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called Quima RAT that's capable of targeting Windows, Linux, and mac OS environments. According to Level Blue, the cross-platform malware is advertised under a malware-as-a-service (Maa S) model, costing anywhere…...

Symbols: nasdaq:tls