Endigest

About
Privacy
Terms
Contact
RSS

The Hacker News Articles | Endigest

The Hacker News Articles

The Hacker News

11 min read

Security•2026-05-21

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

A nine-year-old Linux kernel vulnerability (CVE-2026-46333, CVSS 5.5) in the __ptrace_may_access() function enables unprivileged local users to execute arbitrary commands as root and disclose sensitive files on major distributions including Debian, Fedora, and Ubuntu.

The Hacker News

21 min read

Security•2026-05-21

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub's internal repositories were breached through a poisoned Nx Console VS Code extension, exposing the vulnerability of extension marketplaces' auto-update mechanisms.

The Hacker News

21 min read

Security•2026-05-21

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal Core vulnerability CVE-2026-9082 enables SQL injection attacks on PostgreSQL sites, potentially leading to information disclosure, privilege escalation, or remote code execution.

The Hacker News

21 min read

Security•2026-05-20

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft released RAMPART and Clarity to help developers secure AI agents during development.

The Hacker News

11 min read

Security•2026-05-20

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft disrupted a malware-signing-as-a-service (MSaaS) operation called Fox Tempest that abused Artifact Signing to distribute signed malware and conduct ransomware attacks affecting thousands of machines worldwide.

The Hacker News

21 min read

Security•2026-05-20

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Webworm, a China-aligned threat actor, deploys new backdoors EchoCreep and GraphWorm that use Discord and Microsoft Graph API for C2 communications in 2025.

The Hacker News

91 min read

Security•2026-05-20

Agent AI is Coming. Are You Ready?

This article examines security risks posed by Agent AI and the importance of identity management.

The Hacker News

21 min read

Security•2026-05-20

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

Typosquatting has evolved into a supply chain problem where attackers embed malicious domains in legitimate third-party scripts without requiring user mistakes or server breaches.

The Hacker News

11 min read

Security•2026-05-20

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft released a mitigation for YellowKey (CVE-2026-45585), a critical BitLocker bypass vulnerability affecting Windows 11 and Server 2025.

The Hacker News

21 min read

Security•2026-05-20

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs experienced a GitHub breach on May 11, 2026, from a TanStack npm supply chain attack by TeamPCP.

The Hacker News

11 min read

Security•2026-05-20

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

GitHub investigates unauthorized access to ~4,000 internal repositories after TeamPCP threatened to sell source code on a cybercrime forum.

The Hacker News

21 min read

Security•2026-05-19

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Trapdoor is a large-scale Android ad fraud and malvertising operation using 455 malicious apps and 183 C2 domains to generate fraudulent ad impressions.