The Hacker News

🚨 A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month. codexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json — including non-expiring refresh tokens — to an attacker server. Read: https://lnkd.in/gE43d2xv

⚠️ Threat actors are actively exploiting a critical vulnerability in WP Maps Pro. CVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0. Update to 6.1.1 now. Read: https://lnkd.in/g6ZTy5vk

Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices. More than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network offline. Read: https://lnkd.in/g-UCHF3i

🚨 CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation. The CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks. Patch immediately or apply mitigations. Details: https://lnkd.in/gQvskE48

⚠️ A new technique called "ChatGPhish" turns OpenAI’s ChatGPT into a #phishing tool. No special prompt required... simply summarizing a malicious web page can cause #ChatGPT to display phishing links, fake security alerts, QR codes, and attacker-hosted images in its trusted interface. Full story: https://lnkd.in/g2rACvjj

⚠️ Attackers used an LLM agent for post-exploitation after breaching a public Marimo notebook via CVE-2026-39987, a pre-auth RCE flaw affecting versions ≤0.20.4. The intrusion stole cloud credentials, retrieved an SSH key from AWS Secrets Manager, and exfiltrated a PostgreSQL database via eight SSH sessions in under two minutes. Full report: https://lnkd.in/gFmiVBQT

⚡ AI is making DDoS attacks faster, smarter, and far more dangerous. Attackers are now using AI to discover weak spots, create new attack vectors, and scale assaults with terrifying efficiency. Join our next expert webinar: "A New Perspective on #DDoS Attacks in the Age of AI" Learn real-world examples of AI-powered attacks and practical ways to defend against them — before they hit you. 👉 Register Now (Free): https://lnkd.in/gta-fV6q

⚠️ A previously unknown threat actor has been quietly targeting #Ukraine since at least August 2025. GREYVIBE uses spear-phishing, fake CAPTCHA pages, and fraudulent websites to deliver custom #malware to military, government, civilian, and business targets. Researchers also found evidence of AI-assisted malware development and links to the cybercrime ecosystem. Full report: https://lnkd.in/grPNyY5r

Get a clear picture of your AI security readiness and a step-by-step roadmap to improve it. Download the free eBook:

⚠️ Malicious Sicoob NuGet steals Brazilian bank credentials while npm packages target AWS and CI/CD secrets. The fake "Sicoob.Sdk" versions 2.0.0–2.0.4 exfiltrate client IDs, PFX certificates, and passwords. It was downloaded nearly 500 times. Multiple npm packages from one actor also steal cloud and pipeline secrets. Full report: https://lnkd.in/gJDnJzGs