The Hacker News

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.
The Hacker News

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions increase enterprise risk with 60% higher vulnerabilities, bypassing DLP controls and exposing sensitive data.
The Hacker News

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google releases DBSC in Chrome 146 for Windows, binding cookies to devices to reduce session theft and prevent unauthorized access.
The Hacker News

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Backdoored Smart Slider 3 Pro v3.5.1.35 update distributed for 6 hours via compromised infrastructure, enabling RCE and data ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
The Hacker News

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

EngageLab SDK flaw exposed 50M+ Android installs after April 2025 disclosure, risking crypto wallet data until November 2025 ...
The Hacker News

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

UAT-10362 spear-phishing targets Taiwanese NGOs in October 2025, deploying LucidRook malware for data exfiltration and ...