The Hacker News

Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices. More than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network offline. Read: https://lnkd.in/g-UCHF3i

🚨 CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation. The CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks. Patch immediately or apply mitigations. Details: https://lnkd.in/gQvskE48

⚠️ A new technique called "ChatGPhish" turns OpenAI’s ChatGPT into a #phishing tool. No special prompt required... simply summarizing a malicious web page can cause #ChatGPT to display phishing links, fake security alerts, QR codes, and attacker-hosted images in its trusted interface. Full story: https://lnkd.in/g2rACvjj

⚠️ Attackers used an LLM agent for post-exploitation after breaching a public Marimo notebook via CVE-2026-39987, a pre-auth RCE flaw affecting versions ≤0.20.4. The intrusion stole cloud credentials, retrieved an SSH key from AWS Secrets Manager, and exfiltrated a PostgreSQL database via eight SSH sessions in under two minutes. Full report: https://lnkd.in/gFmiVBQT

⚡ AI is making DDoS attacks faster, smarter, and far more dangerous. Attackers are now using AI to discover weak spots, create new attack vectors, and scale assaults with terrifying efficiency. Join our next expert webinar: "A New Perspective on #DDoS Attacks in the Age of AI" Learn real-world examples of AI-powered attacks and practical ways to defend against them — before they hit you. 👉 Register Now (Free): https://lnkd.in/gta-fV6q

⚠️ A previously unknown threat actor has been quietly targeting #Ukraine since at least August 2025. GREYVIBE uses spear-phishing, fake CAPTCHA pages, and fraudulent websites to deliver custom #malware to military, government, civilian, and business targets. Researchers also found evidence of AI-assisted malware development and links to the cybercrime ecosystem. Full report: https://lnkd.in/grPNyY5r

Get a clear picture of your AI security readiness and a step-by-step roadmap to improve it. Download the free eBook:

⚠️ Malicious Sicoob NuGet steals Brazilian bank credentials while npm packages target AWS and CI/CD secrets. The fake "Sicoob.Sdk" versions 2.0.0–2.0.4 exfiltrate client IDs, PFX certificates, and passwords. It was downloaded nearly 500 times. Multiple npm packages from one actor also steal cloud and pipeline secrets. Full report: https://lnkd.in/gJDnJzGs

Most breaches slip in as “normal” activity. Top SOCs shrink uncertainty before it becomes an incident using 3 steps: ◾️ Fresh sandbox IOCs (domains, C2s) auto-updating SIEM/EDR ◾️ One-click alert context: malware family, behavior & execution chain ◾️ Automated sandbox reports with AI summaries & visual chains Prevention happens before the incident gets a name. Read the full 3 steps → https://lnkd.in/dK9kGC7b 

⚠️ Two new #Android NFC relay malware families — DevilNFC and NFCMultiPay — are targeting banking customers in Europe and Latin America. These tools, developed with possible AI assistance, steal card PINs. DevilNFC even locks victims in a fake interface using Kiosk Mode while relaying card data. Local threat actors are now building their own tools instead of relying on Chinese MaaS platforms. Read this story: https://lnkd.in/gXHYYW54