The Hacker News

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

Apple fixes CVE-2026-28950 in iOS 26.4.2 after deleted notifications were retained, mitigating forensic data exposure.
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
The Hacker News

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Harvester deploys Linux GoGra via Microsoft Graph API in South Asia, targeting India and Afghanistan since 2021, enabling ...
The Hacker News

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

Lotus Wiper hit Venezuela’s energy sector in late 2025, exploiting pre-Windows 10 1803 systems, wiping drives and crippling ...
The Hacker News

Toxic Combinations: When Cross-App Permissions Stack into Risk

Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single ...
The Hacker News

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

"A regression in the Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages cause the managed authenticated ...