The Hacker News

🚨 New analysis reveals browser extensions legally selling user data. 80 extensions affect 6.5M+ users—ad blockers and streaming tools included—collecting and reselling browsing, viewing, and demographic data. All disclosed in privacy policies. Read: https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html#extensions-legally-sell-user-data

🚨 Cybersecurity firm Trellix confirms a breach. Attackers accessed part of its source code repository; no exploitation or release impact found. Investigation ongoing with forensic experts and law enforcement. Details ➜ https://thehackernews.com/2026/05/trellix-confirms-source-code-breach.html

🛑 30,000 Facebook accounts compromised in a phishing campaign using Google AppSheet emails. A Vietnamese-linked operation called AccountDumpling targeted Facebook Business users, stole credentials, sent data to Telegram, and resold accounts. Read: https://thehackernews.com/2026/05/30000-facebook-accounts-hacked-via.html

⚠️ Two cybercrime groups are executing rapid SaaS attacks with minimal trace. Cordial Spider and Snarky Spider use vishing and AiTM phishing to steal credentials, bypass MFA, and access multiple platforms through SSO. Read: https://thehackernews.com/2026/05/cybercrime-groups-using-vishing-and-sso.html

⚠️ China-linked hackers targeted governments across Asia + a NATO state (Poland), exploiting Exchange/IIS flaws to deploy ShadowPad. At the same time: journalists & activists hit with phishing campaigns. Two ops. Same priorities. Details here → https://thehackernews.com/2026/05/china-linked-hackers-target-asian.html

Cybersecurity market: $38 B → $69 B by 2030 Yet MSPs still lose deals: • 77% can’t create urgency • 66% face cost pushback • 8+ decision-makers per deal Fix: sell outcomes, not tech Read more → https://thehackernews.com/2026/05/top-five-sales-challenges-costing-msps.html

🛑 Two cybersecurity professionals were sentenced to four years each for helping deploy BlackCat ransomware across the U.S. in 2023. They took a share of ransom payments, including about $1.2 million in Bitcoin from one victim. Read → https://thehackernews.com/2026/05/two-cybersecurity-professionals-get-4.html

😬 Poisoned Ruby gems + Go modules used in a supply chain attack. • Steal AWS creds, SSH keys, configs • Tamper GitHub Actions via fake binaries • Add SSH access for persistence Read → https://thehackernews.com/2026/05/poisoned-ruby-gems-and-go-modules.html

⚠️ Update: Mini Shai-Hulud is spreading across ecosystems. → intercom-client (npm) and intercom-php (Packagist) compromised → Install-time hooks deploy credential stealer Attack targets GitHub tokens, cloud creds, SSH keys, Kubernetes, Vault, Docker, and .env files. Read: https://thehackernews.com/2026/04/pytorch-lightning-compromised-in-pypi.html#intercom-npm-and-packagist-package-compromised-as-part-of-mini-shai-hulud Campaign linked to TeamPCP and earlier Lightning compromise.

🤦‍♂️ Another supply chain hit. intercom-client npm package compromised → Malicious preinstall hook executes on install → Credentials targeted across dev & CI/CD Linked to ongoing Mini Shai-Hulud campaign. Read this update here: https://thehackernews.com/2026/04/pytorch-lightning-compromised-in-pypi.html#intercom-npm-package-compromised-as-part-of-mini-shai-hulud

🚨 Supply chain attacks are escalating... A widely used AI dev tool, PyTorch Lightning, was compromised on PyPI and turned into a credential stealer. → Malicious code runs on import → No user action needed → Credentials silently stolen Read: https://thehackernews.com/2026/04/pytorch-lightning-compromised-in-pypi.html

🔥 Cyber chaos exploding this week... • Fake cell towers • npm .env theft • Extensions sell data • 3.4M servers exposed • Vidar tops stealers • 38 OpenEMR flaws • Komari backdoor used • Saiga 2FA kits • Black Axe arrests • PhantomRPC unpatched • Robinhood phishing trick • arXiv leaks keys • Qinglong crypto mining • PyPI supply attack 🛡️ Full list here → https://thehackernews.com/2026/04/threatsday-bulletin-sms-blaster-busts.html