The Hacker News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come ...
CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
Morning Overview on MSN

The TanStack supply chain attack hit OpenAI — hackers reached two employee devices and forced the company to rotate all its code-signing certificates

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...
CSO Online

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to ...

'ClickFix' attack tricks users into hacking themselves, ACSC warns

ClickFix relies on tricking users into essentially hacking themselves by running commands that compromise their computers. In ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

China: Calls for death penalty after teen gets life sentence

A 14-year-old in Yunnan province has been convicted of intentional homicide and rape, and sentenced to life in prison. The ...

From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...

OPP charge ServiceOntario employee as part of probe into stolen vehicles

At least eight ServiceOntario employees have faced breach of trust charges in the last five years, according to records ...
Cyber Daily

US cyber agency warns of active exploitation of Microsoft Exchange Server spoofing vulnerability

Critical-severity CVE-2026-42897 could lead to remote code execution, and hackers are already taking advantage.
Indiatimes

After calling software engineering 'dead,' Anthropic’s Claude Code creator Boris Cherny says coding tools like Microsoft VS Code, Apple Xcode, and others will be ‘dead soon’

Boris Cherny, the creator of Claude Code, thinks the tools developers have relied on for decades are on borrowed time. Having already predicted that the software engineer job title will "start to go ...