Category: Uncategorized

  • The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open

    The Hacker News Launches ‘Cybersecurity Stars Awards 2026’ — Submissions Now Open

    For nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats.
    But behind every headline, there’s a quieter, better story.
    It’s the story of leaders making tough calls under pressure, teams building smarter defenses, and security products that keep hunting threats 24/7 — even when it’s hard.
    Most of the time, this work is
  • Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks

    Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks

    Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks.
    “This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute,” Google’s product and security teams said.
    The initiative builds upon the foundation of Pixel Binary Transparency, which Google introduced in October 2021
  • Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

    Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

    Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild.
    The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries a CVSS score of 9.3 if the User-ID Authentication Portal is configured to enable access from the internet or any
  • Council accelerates construction to address port access closures

    Council accelerates construction to address port access closures

    THE DALLES — Owners, employees and patrons of the Bargeway Pub & Catering packed The Dalles City Council meeting on April 27, addressing business impacts tied to the ongoing closure of Webber Street, which has significantly halted traffic in the…
  • Candidates for Oregon House, Senate speak

    Candidates for Oregon House, Senate speak

    THE DALLES — All the candidates for Wasco County positions, from county commission to U.S. Senate, were invited to a forum at The Dalles Senior Center on April 28. Most attended, though three candidates ended up answering the moderator’s questions…
  • Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

    Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

    The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE).
    The vulnerability, tracked as CVE-2026-23918 (CVSS score: 8.8), has been described as a case of “double free and possible RCE” in the HTTP/2 protocol handling. This issue
  • China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

    China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

    A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.
    The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have been put
  • The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

    The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

    Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets hold of one, they don’t need a password.
    OAuth
  • We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is

    We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is

    While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security.
    In the wake of the
  • ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

    ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

    The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China.
    While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to have enabled the