Security Articles

Microsoft Defender researchers disclosed a now-patched intent redirection vulnerability in EngageLab SDK that exposed over 50 million Android users, including 30 million cryptocurrency wallet users.

The Hacker News

01 min read

Security•2026-04-09

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A security bulletin on threats spanning hybrid botnets, decade-old exploits, fraud losses, and AI-enabled attacks.

The Hacker News

01 min read

Security•2026-04-09

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader has been actively exploited via malicious PDF files since at least December 2025.

The Hacker News

11 min read

Security•2026-04-09

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

A hack-for-hire campaign linked to the threat actor Bitter targeted journalists, activists, and government officials across the MENA region using spear-phishing and Android spyware.

The Hacker News

21 min read

Security•2026-04-08

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

A new variant of the Chaos botnet malware has been identified targeting misconfigured cloud deployments, with notable capability additions including a SOCKS proxy feature.

The Hacker News

21 min read

Security•2026-04-08

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

This article covers Masjesu (XorBot), a DDoS-for-hire botnet targeting IoT devices globally since 2023.

The Hacker News

31 min read

Security•2026-04-08

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

APT28 (Forest Blizzard/Pawn Storm) has deployed a previously undocumented malware suite called PRISMEX in a spear-phishing campaign targeting Ukraine and NATO allies, active since at least September 2025.

Cloudflare

01 min read

Security•2026-04-08

From bytecode to bytes: automated magic packet generation

This post introduces a tool that uses symbolic execution and the Z3 theorem prover to automatically generate magic packets capable of triggering BPF-based Linux backdoors.

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic launched Project Glasswing, using Claude Mythos to find zero-day vulnerabilities across critical systems.

The Hacker News

21 min read

Security•2026-04-08

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

North Korean threat actors behind the 'Contagious Interview' campaign have distributed over 1,700 malicious packages across npm, PyPI, Go, Rust, and PHP ecosystems since January 2025.

Cloudflare

11 min read

Security•2026-04-07

Cloudflare targets 2029 for full post-quantum security

Cloudflare accelerates its post-quantum roadmap to achieve full PQ security including authentication by 2029.

Post-Quantum

Security