A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by interceptingRead More »vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directoryRead More »Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

U.S. cyber officials are considering shortening the deadline for fixing critical vulnerabilities in government IT, and security experts are sharing their thoughts. 

The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a “false flag” operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social engineering techniques via MicrosoftRead More »MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and security productsRead More »The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open