Aggregator

The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open

The Hackers News
1 week 3 days ago
For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and security products that keep hunting threats 24/7 — even when it’s hard. Most of the time, this work is
The Hacker News

CISA Adds One Known Exploited Vulnerability to Catalog

CISA News
1 week 3 days ago

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

  • CVE-2026-0300 Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria

CISA

Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE

Security Affairs
1 week 3 days ago
Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-23918 (CVSS score of 8.8). The issue involves a “double free” error in HTTP/2 handling […]
Pierluigi Paganini

Kochava Will Stop Selling 'Sensitive Location' Info

Ransomware DataBreachToday.com
1 week 3 days ago
Litigation Initiated by the US FTC Leads to Settlement Restricting Data Broker
The Federal Trade Commission has banned an Idaho-based data broker from selling sensitive location data gathered from "hundreds of millions" of individuals' mobile devices without their knowledge or consent. The proposed order ends several years of legal sparring between Kochava and the FTC.

BlueVoyant Prepares SaaS Push Under New CEO John Hernandez

Ransomware DataBreachToday.com
1 week 3 days ago
BlueVoyant Seeks to Expand Beyond MDR Clients Into Firms With Mature In-House SOCs
BlueVoyant named John Hernandez - the former leader of Quest's Microsoft security business - as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.

Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?

The Hackers News
1 week 3 days ago
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide for
The Hacker News

印度推动半导体产业 抢占全球电子枢纽地位

不安全
1 week 3 days ago
印度政府昨天深夜批准两项总值4亿1400万美元的新半导体计划,展现政府加速推动印度成为全球电子产业枢纽的决心。这两项计划分别是1座LED显示器相关制造设施以及1家半导体封装厂。截至目前,印度境内相关设

Managed ad