Cyber Hawk

The Hacker News

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

May 18, 2026

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified…

The Hacker News

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

May 18, 2026

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw…

The Hacker News

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

May 17, 2026

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracke…

The Hacker News

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

May 17, 2026

Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our inv…

The Hacker News

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

May 16, 2026

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkou…

The Hacker News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

May 15, 2026

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-20…

The Hacker News

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

May 14, 2026

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KE…

Bitcoin Mining

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

Popular Feeds

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Featured News

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Random Posts

Popular Posts

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Bitcoin Mining

Share

Popular Feeds

Featured News

Random Posts

Popular Posts