#thehackernews — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #thehackernews, aggregated by home.social.
-
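"On-Prem Microsoft Exchange Server Vulnerability CVE-2026-42897 Exploited via Crafted Email": #TheHackerNews
"Microsoft has disclosed a new security vulnerability affecting on-premises versions of Exchange Server. According to the company, the vulnerability is already being exploited.
Tracked as CVE-2026-42897 (CVSS score: 8.1), the vulnerability is described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher is credited with discovering and reporting the issue.
'Improper neutralization of input during web page generation (cross-site scripting) in Microsoft Exchange Server could allow an unauthorized attacker to perform spoofing over a network,' the tech giant said in a Thursday advisory."
https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html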
-
"Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence": #TheHackerNews
"Cybersecurity researchers have disclosed four security flaws in OpenClaw. Chained together, these flaws could enable data theft, privilege escalation, and persistent access.
The vulnerabilities are collectively called Claw Chain. The vulnerabilities developed by Cyera allow an attacker to establish a foothold, leak sensitive data, and plant a backdoor. A summary of the vulnerabilities follows:
CVE-2026-44112 (CVSS score: 9.6/6.3)
CVE-2026-44113 (CVSS score: 7.7/6.3)
CVE-2026-44115 (CVSS score: 8.8)
CVE-2026-44118 (CVSS score: 7.8)"
https://thehackernews.com/2026/05/four-openclaw-flaws-enable-data-theft.html
-
"Windows Zero-Days Reveal BitLocker Bypass and CTFMON Privilege Escalation": #ThehackerNews
"The anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has disclosed two new zero-day vulnerabilities: a BitLocker bypass and a privilege escalation affecting the Windows Collaborative Translation Framework (CTFMON).
The security flaws have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who uses the aliases Chaotic Eclipse and Nightmare-Eclipse online.
The researcher described YellowKey as 'one of the most surprising discoveries I have made so far' and noted that the BitLocker bypass is like a backdoor."
https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html
-
I don't use it anyway but #TheHackerNews: [#cPanel, #WHM Release Fixes for Three New #Vulnerabilities — Patch Now]Source: 🔗(https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html) #security #updates #patches
-
New post in #TheHackerNews: [#cPanel, #WHM Release Fixes for Three New #Vulnerabilities — Patch Now]Source: 🔗(https://thehackernews.com/2026/05/cpanel-whm-patch-3-new-vulnerabilities.html)
-
How To Automate Ticket Creation, Device Identification and Threat Triage With Tines – Source:thehackernews.com https://ciso2ciso.com/how-to-automate-ticket-creation-device-identification-and-threat-triage-with-tines-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Automate
-
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns – Source:thehackernews.com https://ciso2ciso.com/palo-alto-advises-securing-pan-os-interface-amid-potential-rce-threat-concerns-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Advises
-
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network – Source:thehackernews.com https://ciso2ciso.com/u-s-seizes-7-74m-in-crypto-tied-to-north-koreas-global-fake-it-worker-network-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Seizes
-
DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown – Source:thehackernews.com https://ciso2ciso.com/doj-seizes-145-domains-tied-to-bidencash-carding-marketplace-in-global-takedown-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Seizes
-
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation – Source:thehackernews.com https://ciso2ciso.com/u-s-doj-seizes-4-domains-supporting-cybercrime-crypting-services-in-global-operation-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Seizes
-
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity – Source:thehackernews.com https://ciso2ciso.com/fbi-seizes-breachforums-again-urges-users-to-report-criminal-activity-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #BreachForums #Seizes
-
Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain – Source:thehackernews.com https://ciso2ciso.com/feds-seize-6-4m-veriftools-fake-id-marketplace-but-operators-relaunch-on-new-domain-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Seize
-
Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation – Source:thehackernews.com https://ciso2ciso.com/redefining-cyber-value-why-business-impact-should-lead-the-security-conversation-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Redefining
-
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted – Source:thehackernews.com https://ciso2ciso.com/moveit-transfer-faces-increased-threats-as-scanning-surges-and-cve-flaws-are-targeted-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #MOVEit
-
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP – Source:thehackernews.com https://ciso2ciso.com/over-two-dozen-flaws-identified-in-advantech-industrial-wi-fi-access-points-patch-asap-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Dozen
-
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics – Source:thehackernews.com https://ciso2ciso.com/charon-ransomware-hits-middle-east-sectors-using-apt-level-evasion-tactics-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Charon
-
Securing Agentic AI: How to Protect the Invisible Identity Access – Source:thehackernews.com https://ciso2ciso.com/securing-agentic-ai-how-to-protect-the-invisible-identity-access-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Securing
-
Securing Data in the AI Era – Source:thehackernews.com https://ciso2ciso.com/securing-data-in-the-ai-era-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Securing
-
Securing CI/CD workflows with Wazuh – Source:thehackernews.com https://ciso2ciso.com/securing-ci-cd-workflows-with-wazuh-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Securing
-
The Identities Behind AI Agents: A Deep Dive Into AI & NHI – Source:thehackernews.com https://ciso2ciso.com/the-identities-behind-ai-agents-a-deep-dive-into-ai-nhi-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #identities
-
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining – Source:thehackernews.com https://ciso2ciso.com/notorious-hacker-group-teamtnt-launches-new-cloud-attacks-for-crypto-mining-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Notorious
-
New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers – Source:thehackernews.com https://ciso2ciso.com/new-stealthy-babbleloader-malware-spotted-delivering-whitesnake-and-meduza-stealers-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Stealthy
-
Someone Created First AI-Powered Ransomware Using OpenAI’s gpt-oss:20b Model – Source:thehackernews.com https://ciso2ciso.com/someone-created-first-ai-powered-ransomware-using-openais-gpt-oss20b-model-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Someone
-
How to Detect Phishing Attacks Faster: Tycoon2FA Example – Source:thehackernews.com https://ciso2ciso.com/how-to-detect-phishing-attacks-faster-tycoon2fa-example-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #detect
-
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet – Source:thehackernews.com https://ciso2ciso.com/cisa-adds-3-flaws-to-kev-catalog-impacting-ami-megarac-d-link-fortinet-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Flaws
-
Cracking the Boardroom Code: Helping CISOs Speak the Language of Business – Source:thehackernews.com https://ciso2ciso.com/cracking-the-boardroom-code-helping-cisos-speak-the-language-of-business-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #cracking
-
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks – Source:thehackernews.com https://ciso2ciso.com/ta558-hackers-weaponize-images-for-wide-scale-malware-attacks-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Weaponize #hackers
-
How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges – Source:thehackernews.com https://ciso2ciso.com/how-to-plan-a-new-and-improved-password-policy-for-real-world-security-challenges-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Improved
-
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats – Source:thehackernews.com https://ciso2ciso.com/unc6384-deploys-plugx-via-captive-portal-hijacks-and-valid-certificates-targeting-diplomats-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Deploys