The Hacker News

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

DEEP#DOOR embeds a Python RAT in a dropper script, using bore[.]pub C2 to steal credentials and evade Windows defenses, ...
Cybernews

One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable

The critical "Copy Fail" bug (CVE-2026-31431) affects all Linux kernels since 2017, allowing unprivileged local users to gain ...

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
How-To Geek on MSN

The de-bloating PowerShell command I run on every Windows install

You can get rid of ads and make Windows usable with just a few clicks.
Dark Reading

UNC6692 Combines Social Engineering, Malware, Cloud Abuse

A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
TechJuice

Hackers Deploy SNOW Malware Suite via Microsoft Teams

A cyber group is impersonating IT helpdesk staff via Microsoft Teams to deploy malware and target corporate systems.
Decrypt

Google Fixes AI Coding Tool Flaw That Let Attackers Execute Malicious Code: Report

Researchers say a prompt injection bug in Google's Antigravity AI coding tool could have let attackers run commands, despite ...

The "Post and Pray" Era is Dead: The 3-Step AI Workflow for Lean Brands to Dominate TikTok ...

For modern e-commerce operators, relying on manual content creation or generic AI prompts is a guaranteed path to burnout and low ROAS. The most effective TikTok strategy in 2026 leverages a ...

Salesforce launches Headless 360 to turn its entire platform into infrastructure for AI agents

Salesforce launched Headless 360 at TDX, opening its CRM platform to AI agents through APIs, MCP tools and CLI commands in a ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...
SecurityWeek

Fake Claude Website Distributes PlugX RAT

A website posing as a legitimate Anthropic Claude domain was caught serving a remote access trojan to its visitors, Malwarebytes reports. Relying on Claude’s popularity, a threat actor created a site ...