The Hacker News

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

Docker CVE-2026-34040 enables AuthZ bypass via padded requests, risking host compromise; fixed in version 29.3.1.
The Hacker News

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

APT28 exploits SOHO routers for global DNS hijacking and adversary-in-the-middle attacks, enabling credential theft and ...
The Hacker News

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

Storm-1175 exploits 16+ CVEs since 2023, including zero-days, enabling rapid Medusa ransomware attacks within 24 hours.
The Hacker News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.
The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.
The Hacker News

The Hidden Cost of Recurring Credential Incidents

Recurring credential incidents drive operational costs as password resets make up 30% of helpdesk tickets, impacting ...
The Hacker News

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

GPUBreach achieves full CPU privilege escalation via GDDR6 RowHammer in July 2025 research, threatening cloud AI systems.
The Hacker News

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Hundreds of disconnected apps persist in 2026 enterprises, Ponemon finds, enabling AI agents to amplify credential risks and expand attack surfaces.