Security Articles

Three security vulnerabilities in LangChain and LangGraph frameworks expose filesystem data, environment secrets, and conversation history in enterprise AI deployments.

The Hacker News

21 min read

Security•2026-03-26

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

This article covers Red Menshen, a China-linked threat actor, using the stealthy BPFDoor Linux backdoor to conduct long-term espionage via telecom networks.

The Hacker News

41 min read

Security•2026-03-26

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

A zero-click XSS prompt injection vulnerability in Anthropic's Claude Chrome Extension allowed any website to silently hijack the AI assistant.

The Hacker News

21 min read

Security•2026-03-26

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

This article draws parallels between art forgery and modern cyberattacks to explain how attackers use mimicry to evade detection, and how Network Detection and Response (NDR) can expose them.

The Hacker News

11 min read

Security•2026-03-26

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

This week's ThreatsDay Bulletin covers multiple emerging cybersecurity threats and defensive developments.

The Hacker News

21 min read

Security•2026-03-26

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

The Coruna iOS exploit kit shares the same kernel exploit code as the 2023 Operation Triangulation campaign, confirming a common author and ongoing development.

The Hacker News

11 min read

Security•2026-03-26

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

This webinar focuses on validating security defenses against real attacks rather than assuming existing tools are effective.

The Hacker News

11 min read

Security•2026-03-26

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

A new payment skimmer leveraging WebRTC data channels has been discovered targeting e-commerce sites, effectively bypassing Content Security Policy controls.

Grafana

15 min read

Security•2026-03-25

Grafana security release: Critical and high severity security fixes for CVE-2026-27876 and CVE-2026-27880

Grafana has released critical and high severity security patches for CVE-2026-27876 and CVE-2026-27880 across multiple versions.

The Hacker News

11 min read

Security•2026-03-25

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

Russian law enforcement arrested the alleged administrator of LeakBase, a major stolen credential marketplace dismantled earlier in March 2026.

The Hacker News

01 min read

Security•2026-03-25

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm is an advanced malware campaign that delivers a multi-stage data theft framework and RAT through poisoned packages on npm, PyPI, GitHub, and Open VSX.

The Hacker News

11 min read

Security•2026-03-25

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

This article explains how compromised AI agents render the traditional cyber kill chain obsolete, as agents already possess the access and permissions that attackers would otherwise need to earn.