Skip to content
The Nexus
DossierENTITY

cybersecurity researchers

Coverage of cybersecurity researchers in the Nexus archive.

Earliest in view: Apr 8 · 16:30 UTCMost recent: Jun 23 · 08:54 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 23 · 08:54 UTCTHE HACKER NEWS
    Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

    Cybersecurity researchers have discovered malicious npm packages designed to deliver a Windows-based remote access trojan (RAT). The identified packages include aes-decode-runner-pro (145 downloads), postcss-minify-selector (256 downloads), and postcss-minify-selector-parser (615 downloads), all published in the past month by an npm user.

  • SECURITYJun 12 · 12:04 UTCTHE HACKER NEWS
    Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

    Cybersecurity researchers have identified a new attack method called Agentjacking, which exploits AI coding agents by tricking them into executing malicious code via fake error reports generated through the Sentry platform. The attack leverages an open-source error-tracking and performance-monitoring system to compromise developer machines.

  • SECURITYJun 3 · 16:29 UTCTHE HACKER NEWS
    Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

    Cybersecurity researchers have identified a new malspam campaign exploiting Google's DoubleClick domain to bypass detection and deliver the DesckVB RAT. The campaign uses a legitimate Google-owned domain to route traffic before reaching attacker-controlled infrastructure.

  • SECURITYJun 3 · 10:18 UTCTHE HACKER NEWS
    Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

    Cybersecurity researchers disclosed an unpatched vulnerability in the Windows search: URI handler that could allow attackers to steal NTLMv2 hashes. The issue is similar to CVE-2026-33829, which affected the Windows Snipping Tool's ms-screensketch: URI handler, and was identified by Huntress.

  • SECURITYMay 27 · 10:06 UTCTHE HACKER NEWS
    Gitea Vulnerability Exposes Private Container Images without Authentication

    A security flaw in Gitea, an open-source version control platform, allows unauthenticated attackers to access private container images. The vulnerability, CVE-2026-27771, affects all versions prior to 1.26.2 and was disclosed by cybersecurity researchers.

  • SECURITYMay 21 · 07:35 UTCTHE HACKER NEWS
    9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

    Cybersecurity researchers have disclosed a 9-year-old Linux kernel vulnerability (CVE-2026-46333) with a CVSS score of 5.5 that enables unprivileged local users to execute arbitrary commands as root on major Linux distributions. The flaw involves improper privilege management and affects default installations across several major distros.

  • SECURITYMay 8 · 15:08 UTCTHE HACKER NEWS
    Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

    Cybersecurity researchers discovered 28 fraudulent apps on the Google Play Store that tricked users into joining a subscription with fake data, resulting in financial loss. The apps collectively gained over 7.3 million downloads. One app alone accounted for a significant portion of these downloads.

  • SECURITYMay 3 · 14:11 UTCBLEEPING COMPUTER
    Telegram Mini Apps abused for crypto scams, Android malware delivery

    Cybersecurity researchers discovered a large-scale fraud operation exploiting Telegram's Mini App feature to conduct crypto scams, impersonate brands, and deliver Android malware.

  • SECURITYApr 29 · 14:43 UTCTHE HACKER NEWS
    New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

    Cybersecurity researchers discovered a malicious npm package, '@validate-sdk/v2', used in attacks attributed to the DPRK. The package, falsely presented as a legitimate SDK, was linked to Anthropic's Claude Opus LLM and employs AI-inserted malware, fake firms, and RATs for cyber operations.

  • SECURITYApr 28 · 18:19 UTCTHE HACKER NEWS
    Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

    Cybersecurity researchers discovered a critical remote code execution (RCE) vulnerability in GitHub.com and GitHub Enterprise Server, tracked as CVE-2026-3854 (CVSS score: 8.7). The flaw allows authenticated users with push access to exploit a command injection vulnerability via a single 'git push' command.

  • SECURITYApr 27 · 11:23 UTCTHE HACKER NEWS
    Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

    Cybersecurity researchers discovered 73 fake Microsoft Visual Studio Code extensions on the Open VSX repository linked to the GlassWorm v2 malware campaign. The malicious extensions, cloned from legitimate ones, include six confirmed to deliver malware.

  • SECURITYApr 20 · 10:42 UTCTHE HACKER NEWS
    Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

    Cybersecurity researchers identified a critical design flaw in the Model Context Protocol (MCP) that could enable remote code execution (RCE), posing significant risks to systems using vulnerable MCP implementations and threatening the AI supply chain.

  • SECURITYApr 20 · 07:34 UTCTHE HACKER NEWS
    Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

    Researchers have identified a new malware named ZionSiphon, specifically targeting Israeli water treatment and desalination operational technology (OT) systems. The malware, detected by Darktrace, is capable of establishing persistence, modifying configuration files, and scanning for OT services.

  • SECURITYApr 16 · 20:19 UTCBLEEPING COMPUTER
    New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges

    A researcher named 'Chaotic Eclipse' has released a proof-of-concept exploit for a Microsoft Defender zero-day vulnerability called 'RedSun,' which grants SYSTEM privileges. The exploit was published as a protest against Microsoft's handling of cybersecurity researchers.

  • SECURITYApr 10 · 13:23 UTCTHE HACKER NEWS
    GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

    The GlassWorm campaign has evolved with a new Zig dropper designed to infect multiple developer IDEs. Researchers identified the threat in a malicious Open VSX extension named 'specstudio.code-wakatime-activity-tracker,' which disguises itself as the legitimate WakaTime tool.

  • SECURITYApr 8 · 17:51 UTCTHE HACKER NEWS
    New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

    A new variant of Chaos malware is targeting misconfigured cloud deployments, expanding its scope beyond routers and edge devices. Darktrace reported this development in a recent analysis.

  • SECURITYApr 8 · 16:30 UTCTHE HACKER NEWS
    Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

    Cybersecurity researchers have uncovered the Masjesu Botnet, a DDoS-for-hire service advertised on Telegram since 2023. It targets global IoT devices, including routers and gateways, across multiple architectures.

cybersecurity researchers · Dossier · The Nexus