Please turn JavaScript on
The Hacker News icon

The Hacker News

Follow The Hacker News's news and updates in a matter of seconds! We will deliver any update via email, phone or you can read them from here on the site on your own news page.

You can even combine different feeds with the feed for The Hacker News.

Subscribing and unsubscribing is fast, easy and risk free.

The whole service is free of cost.

The Hacker News: The Hacker News | #1 Trusted Cybersecurity News Site

Is this your feed? Claim it!

Publisher:  Unclaimed!
Message frequency:  3.52 / day

Message History

Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux. Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer du...

Read full story
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. "At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen data, such as cr...

Read full story
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE ide...

Read full story
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and externa...

Read full story
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected], came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. T...

Read full story