The Hacker News

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.
TMCnet

Modernizing Enterprise Communications: Ensuring High Availability for Web-Based Applications

Businesses are completely dependent on the stability of digital communication channels. They also need uninterrupted data ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...
The Hacker News

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

According to Cisco Talos, it's these URL-exposed webhooks – which make use of the same *.app.n8n [.]cloud subdomain – that ...
pv magazine International

Cyber threats for PV: What are distributed denial-of-service attacks and how do they work

Denial-of-service attacks overwhelm networked systems with massive traffic from compromised devices, disrupting communication and making critical services like PV system monitoring and control ...
SecurityWeek

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Multiple vulnerabilities in the Orthanc DICOM server could be exploited to cause crashes, leak information, or execute ...

Gas Town controls what automated agents are allowed

Gas Town 1.0.0 orchestrates multi-stage development workflows, hardens agent security, and supports Windows for the first ...
CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...
Infosecurity Magazine

Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet

FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices ...
CSO Online

Old Docker authorization bypass pops up despite previous patch

A 10-year-old issue involving Docker Engine and the AuthZ authorization plug-in lives again to enable attackers to gain ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...