Recent Articles

FEB12
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. "The

The Hacker News by info@thehackernews.com (The Hacker News)
FEB12
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It's assessed to be active since May 2025. "

The Hacker News by info@thehackernews.com (The Hacker News)
FEB12
How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development

Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable.

Security Week by Matias Madou
FEB12
ApolloMD Data Breach Impacts 626,000 Individuals

The company says hackers stole the personal information of patients of affiliated physicians and practices.

Security Week by Ionut Arghire
FEB12
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise

The Hacker News by info@thehackernews.com (The Hacker News)
FEB12
Microsoft to Enable ‘Windows Baseline Security’ With New Runtime Integrity Safeguards

Windows will have runtime safeguards enabled by default, ensuring that only properly signed software runs.

Security Week by Ionut Arghire
FEB12
Hacktivists, State Actors, Cybercriminals Target Global Defense Industry, Google Warns

Threat actors from Russia, China, North Korea and Iran have been observed launching attacks.

Security Week by Eduard Kovacs
FEB12
The CTEM Divide: Why 84% of Security Programs Are Falling Behind

A new 2026 market intelligence study of 128 enterprise security decision-makers reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point

The Hacker News by info@thehackernews.com (The Hacker News)
FEB12
Nucleus Raises $20 Million for Exposure Management

The company will use the investment to scale operations and deepen intelligence and automation.

Security Week by Ionut Arghire
FEB12
Apple Patches iOS Zero-Day Exploited in ‘Extremely Sophisticated Attack’

Impacting the ‘dyld’ system component, the memory corruption issue can be exploited for arbitrary code execution.

Security Week by Ionut Arghire
FEB12
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346

The Hacker News by info@thehackernews.com (The Hacker News)
FEB11
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. Successful exploitation of the vulnerability could allow an

The Hacker News by info@thehackernews.com (The Hacker News)
FEB11
Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack

Officials said data will now be classified as one of four categories: “public,” “sensitive,” “confidential” or “restricted.”

Security Week by Associated Press
FEB11
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been

The Hacker News by info@thehackernews.com (The Hacker News)
FEB11
Kimwolf Botnet Swamps Anonymity Network I2P

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online...

Krebs on Security by BrianKrebs