News

The Hacker News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed (Tue, 05 May 2026)
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don't see it. Your MFA doesn't stop it. And when an attacker gets hold of one, they don't need a password. OAuth
>> Read more

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks (Tue, 05 May 2026)
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary code execution. "MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code
>> Read more

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is (Tue, 05 May 2026)
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security. In the wake of the
>> Read more

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows (Tue, 05 May 2026)
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China. While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to have enabled the
>> Read more

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API (Tue, 05 May 2026)
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the "/papi/esearch/data/devops/
>> Read more

Print | Sitemap
© Alpha Technology Group
Login

Web ViewMobile View

Logout | Edit page