The Hacker News

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

GopherWhisper infected 12 Mongolian government systems in January 2025, abusing Slack and Discord for C2, exposing wider ...
The Hacker News

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel uncovered additional compromised accounts after expanding its probe into a Context.ai-linked breach, exposing OAuth ...
The Hacker News

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

Apple fixes CVE-2026-28950 in iOS 26.4.2 after deleted notifications were retained, mitigating forensic data exposure.
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
The Hacker News

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Harvester deploys Linux GoGra via Microsoft Graph API in South Asia, targeting India and Afghanistan since 2021, enabling ...
The Hacker News

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

Lotus Wiper hit Venezuela’s energy sector in late 2025, exploiting pre-Windows 10 1803 systems, wiping drives and crippling ...
The Hacker News

Toxic Combinations: When Cross-App Permissions Stack into Risk

Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single ...