The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com

🚨 Update - Citrix CVE-2026-8451 is now under active exploitation, less than 24 hours after disclosure.

A Frankfurt IP hit sensors for 5 hours, delivering the watchTowr exploit only after a 200 OK response and skipping 404s.

Learn how the malformed SAML exploit path works: https://thehackernews.com/2026/07/citrix-patches-six-netscaler-flaws.html

🛑 Ransomware crews are stacking three ugly paths into enterprise networks.

🔸 Anubis: Citrix Bleed 2
🔸 The Gentlemen: Go backdoor + BYOVD
🔸 VECT/TeamPCP: supply-chain credential theft

How the attack paths connect: https://thehackernews.com/2026/07/ransomware-groups-turn-to-citrix-bleed.html

🔥 Google disrupted #NetNut, a proxy network spanning at least 2 million home devices.

In one June week, GTIG saw 316 threat clusters using suspected NetNut exit nodes to hide location and guess passwords.

The simple risk: your home IP becomes someone else’s relay.

Learn more: https://thehackernews.com/2026/07/google-disrupts-netnut-residential.html

🚨 PamStealer targets Mac users through fake Maccy sites.

A compiled AppleScript stages a Rust stealer that validates the entered login password through PAM, then targets browsers, crypto wallets, iCloud Keychain, and clipboard content.

How the attack chain works: https://thehackernews.com/2026/07/pamstealer-uses-fake-maccy-sites-and.html

⚠️ A member of the EU committee investigating spyware abuse was hacked with Pegasus while serving on it.

Citizen Lab says Stelios Kouloglou’s #iPhone was compromised in Oct. 2022 and Mar. 2023, likely via Apple’s HomeKit zero-click exploit.

Attackers could have accessed PEGA documents and deliberations.

Details: https://thehackernews.com/2026/07/european-parliament-member.html

#ThreatsDay this week reads like attackers opened the junk drawer of the internet and found everything still plugged in:

🧠 exposed AI compute
📧 email privacy gaps
🧩 fake browser extensions
🤖 meeting bots
📋 clipboard tricks
🛡️ Defender flaws
🎭 fake INTERPOL ransomware

Just an Empire State Building-sized amount of trust left unattended - https://thehackernews.com/2026/07/threatsday-ai-compute-hijacking-apple.html

⚠️ Armored Likho targeted power and government agencies.

Kaspersky says the attacks span Russia, Brazil, and Kazakhstan, using BusySnake Stealer, GitHub-hosted payloads, Go2Tunnel reverse tunneling, and patched CVE-2025-9491 LNK abuse.

How the stealer chain works: https://thehackernews.com/2026/07/armored-likho-targets-government.html

🛑 Six malicious npm packages mimicked Rollup polyfill tools.

Experts link them to North Korea-linked actors. They used hidden install-time execution and JSONKeeper fetches to load payloads for remote access and browser, wallet, cloud, SSH, and npm secret theft.

Read: https://thehackernews.com/2026/07/north-korea-linked-npm-packages-mimic.html

🛑 Avalon turns a PDF-themed .LNK into CrownX ransomware.

Proton Drive → ISO image → MSBuild → ETW tampering → HTTPS payload.

By the ransom note, credentials, C2, and recovery disruption are already in play.

Inside the attack chain: https://thehackernews.com/2026/07/new-avalon-malware-framework-packs.html

⚡ New "Bad Epoll" (CVE-2026-46242) vulnerability affects #Linux 6.4+ kernels and may reach newer #Android devices.

It can turn a local user into root; the PoC hit 99% reliability and may trigger from Chrome’s renderer sandbox.

🔗 Read how the bug works: https://thehackernews.com/2026/07/new-bad-epoll-linux-kernel-flaw-lets.html

👀 New UNPATCHED FatFs vulnerabilities hit a filesystem library bundled into potentially MILLIONS of embedded devices.

Malformed USB drives, SD cards, or update files can trigger memory corruption, crashes, leaks, or hangs.

Read details here: https://thehackernews.com/2026/07/unpatched-flaws-disclosed-in-filesystem.html

⚠️ 108 malicious packages and extensions were published across npm, Packagist, Go, and Chrome.

North Korea-linked PolinRider uses obfuscated JavaScript loaders, VS Code auto-run tasks, and blockchain services to fetch DEV#POPPER RAT and OmniStealer.

Inside the attack chain: https://thehackernews.com/2026/07/north-korean-hackers-publish-108.html

🛑 A U.S. government entity paid Kairos about $1 million in #Bitcoin.

The payment was made to keep stolen files from being leaked, according to a Ransom-ISAC case study.

This was not a lock-and-key ransomware case. The pressure point was the stolen data itself.

Read the story: https://thehackernews.com/2026/07/us-government-entity-paid-kairos-group.html