News

The Hacker News

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise (Fri, 08 May 2026)
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. "QLNX targets developers and DevOps credentials across the software supply chain,"
>> Read more

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk (Fri, 08 May 2026)
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments.  The dataset behind these findings includes 10 million monitored
>> Read more

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials (Fri, 08 May 2026)
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.
>> Read more

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions (Fri, 08 May 2026)
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers
>> Read more

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access (Thu, 07 May 2026)
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows "a remotely authenticated user with administrative access to achieve remote code
>> Read more

Print | Sitemap
© Alpha Technology Group
Login

Web ViewMobile View

Logout | Edit page