Hacking 2026 2026() 2025() 2024() 2023()
DATE |
NAME |
INFO |
CATEGORY |
SUBCATE |
| 21.6.26 | SearchLeak | SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon | HACKING | M365 COPILOT |
| 17.6.26 | Hijacking Vertex AI Model Uploads for Cross-Tenant RCE | Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE | HACKING | HACKING |
| 11.6.26 | NPM Ignore Scripts Best | NPM Ignore Scripts Best Practices as Security Mitigation for Malicious Packages | HACKING | HACKING |
| 6.6.26 | TanStack Supply Chain Attack | On 11 May 2026, the threat actor group TeamPCP compromised 42 TanStack npm packages by chaining three GitHub Actions vulnerabilities to hijack the project's legitimate CI/CD pipeline. The attackers then published 84 malicious package versions carrying valid SLSA Build Level 3 provenance attestations, making them indistinguishable from legitimate releases by standard verification methods. | HACKING | HACKING |
| 3.6.26 | FlagLeft | FlagLeft: We Found A Forgotten Flag That Turned Microsoft 365 Apps Into a Silent Account Takeover Pipeline for Billions of Users | HACKING | HACKING |
| 3.6.26 | 1-Click GitHub Token Stealing via a VSCode Bug | Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones. | HACKING | HACKING |
| 31.5.26 | LLMShare | LLMShare: how attackers are turning AI chatbot pages into malware delivery platforms | HACKING | AI |
| 30.5.26 | SymJack | SymJack: the approval prompt is lying to you. A symlink-hijack RCE in six AI coding agents | HACKING | AI |
| 30.5.26 | TrustFall | TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot | HACKING | AI |
| 20.5.26 | Trapdoor funnels malvertising into ad fraud | HUMAN’s Satori Threat Intelligence and Research Team has identified and has disrupted an ad fraud and malvertising operation dubbed Trapdoor. The operation encompasses 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains that together form a multi-stage fraud pipeline | HACKING | HACKING |
| 9.5.26 | CallPhantom tricks | Fake call logs, real payments: How CallPhantom tricks Android users | HACKING | HACKING |
| 25.4.26 | PhantomRPC | PhantomRPC: A new privilege escalation technique in Windows RPC | HACKING | HACKING |
| 24.4.26 | AdaptixC2 | AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks | HACKING | TOOLS |
| 23.4.26 | Checkmarx KICS images | Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions | HACKING | HACKING |
| 8.4.26 | Python-Based Backdoor and Changes in Distribution Techniques | Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) | HACKING | MALWARE |
| 8.4.26 | Handala | Handala: MOIS Linked Cyber Influence Ecosystem Threat Intelligence Assessment | HACKING | MALWARE |
| 8.4.26 | Qilin EDR killer infection chain | Endpoint detection and response (EDR) tools are widely deployed and far more capable than traditional antivirus. As a result, attackers use EDR killers to disable or bypass them. | HACKING | RANSOMWARE |
| 8.4.26 | DPRK Malware Modularity | DPRK Malware Modularity: Diversity and Functional Specialization | HACKING | MALWARE |
| 5.4.26 | RoadK1ll | RoadK1ll: A WebSocket Based Pivoting Implant | HACKING | HACKING |
| 5.4.26 | Cookie-controlled PHP webshells | Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments | HACKING | HACKING |
| 26.3.26 | Poisoned Typeface | Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares |
AI |
|
| 26.3.26 | WebRTC skimmer bypasses | Sansec discovered a payment skimmer that uses WebRTC DataChannels to receive its payload and exfiltrate stolen data, bypassing CSP and HTTP-based security tools. | HACKING | HACKING |
| 26.3.26 | ShadowPrompt | ShadowPrompt: How Any Website Could Have Hijacked Claude's Chrome Extension | HACKING | AI |
|
25.3.26 |
Microsoft 365 Token Attack Infrastructure | Riding the Rails: Threat Actors Abuse Railway.com PaaS as Microsoft 365 Token Attack Infrastructure | HACKING | HACKING |
|
25.3.26 |
From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill |
TOOL |
||
|
25.3.26 |
A compromised release steals credentials and spreads to Kubernetes clusters. First reported to PyPI by FutureSearch. |
|||
| 20.3.26 | The technology behind EDR killers | ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers | HACKING | EDR |
| 16.3.26 | Evil evolution | Across three recent campaigns, Sophos X-Ops notes shifts in both lures and malware capabilities, as threat actors leveraging ClickFix techniques increasingly target macOS users with infostealers | HACKING | HACKING |
| 10.3.26 | GhostClaw | GhostClaw Unmasked: A Malicious npm Package Impersonating OpenClaw to Steal Everything | HACKING | MALWARE |
| 9.3.26 | Pixel Perfect | Pixel Perfect: Sold Extension Injects Code Through Pixel | HACKING | HACKING |
| 1.3.26 | Log Poisoning in OpenClaw | It is important to be clear here: this is not a traditional remote code execution vulnerability. Instead, its an indirect prompt injection risk, where exploitation depends on context. | HACKING | AI |
| 20.2.26 | AgreeToSteal | AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials | HACKING | HACKING |
| 11.2.26 | LABYRINTH CHOLLIMA | LABYRINTH CHOLLIMA Evolves into Three Adversaries | HACKING | CLUSTER |
| 9.2.26 | TeamPCP | Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscape | HACKING | CLUSTER |
| 9.2.26 | Vortex Werewolf (SkyCloak) | A new cluster is distributing malware via phishing. We demonstrate how the attack works through fake pages simulating file downloads from Telegram. | HACKING | CLUSTER |
| 6.2.26 | DKnife | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework | HACKING | HACKING |
|
18.1.26 |
Hijacking Bluetooth Accessories Using Google Fast Pair |
HACKING |
Bluetooth |
|
|
16.1.26 |
Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data |
HACKING |
AI |
|
|
7.1.26 |
Prompt poaching runs rampant in extensions |
HACKING |
AI |
|
|
3.1.26 |
The Situation: A major vulnerability allows unauthenticated attackers to remotely leak sensitive data from MongoDB server memory. No login is required. |
HACKING |