The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
WeLiveSecurity

OceanLotus: From external espionage to domestic targeting

Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...
The Daily Reflector

Vietnam-aligned OceanLotus pivots to spy on domestic targets as it takes a more selective ...

From mid-2024 to February 2026, Vietnam-aligned APT group OceanLotus compromised the network of a Vietnamese infrastructure and transport construction corporation with its signature implant, ...
Infosecurity-magazine.com

New SilabRAT Trojan Hijacks Sessions to Steal Crypto

A new remote access trojan sold on dark web forums has been built to drain cryptocurrency, hijacking victims' logged-in sessions to slip past passwords and multi-factor checks. Dubbed SilabRAT, the ...