Varonis Acquires Cyral to Reinvent Database Activity Monitoring
Post Content
Post Content
Related
cPanel & WHM Authentication Bypass
What is the Vulnerability? CVE-2026-41940 is a critical authentication bypass vulnerability affecting WebPros cPanel & WHM, DNSOnly, and WP Squared installations. The vulnerability stems from improper handling of CRLF injection during the login and session-loading process, enabling attackers to forge authenticated sessions and gain unauthorized administrative access. Successful exploitation may allow remote unauthenticated attackers to…
‘Landfall’ Malware Targeted Samsung Galaxy Users
The tool let its operators secretly record conversations, track device locations, capture photos, collect contacts, and perform other surveillance on compromised devices.
Electronic Warfare Puts Commercial GPS Users on Notice
Interference with the global positioning system (GPS) isn’t just a problem for airlines, but for shipping, trucking, car navigation, agriculture, and even the financial sector.
The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open
For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and security products that keep hunting threats 24/7…
China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its signature MgBot backdoor in attacks targeting victims in Türkiye, China, and India. The activity, Kaspersky said, was observed between November 2022 and November 2024. It has…
Serbian Police Hack Protester’s Phone With Cellebrite Exploit Chain
Amnesty International said Serbian police used an exploit chain in tandem with legitimate mobile extraction dongle from vendor Cellebrite in an attack that brings up questions around ethical technology development.