The Hacker News

🚨 QLNX, a previously undocumented #Linux RAT, is targeting developers and DevOps systems to steal npm, PyPI, AWS, Kubernetes, Docker, and CI/CD credentials. The malware uses fileless execution, PAM backdoors, eBPF rootkits, and 58 remote commands to maintain covert access and hijack software supply chains. Learn more about QLNX here: https://thehackernews.com/2026/05/quasar-linux-rat-steals-developer.html

⚠️ A new #Linux flaw is now under active exploitation. CISA added CVE-2026-31431 to its KEV list. The bug lets low-privilege users gain full root access. Patches released. Fix deadline: May 15, 2026. Read: https://thehackernews.com/2026/05/cisa-adds-actively-exploited-linux-root.html

⚠️ A new #Linux flaw mirrors Dirty Pipe—but adds cross-container impact. “Copy Fail” (CVE-2026-31431) lets any local user overwrite cached system files and run them as root. No race condition. Works across major Linux distros since 2017. 🔗 Read → https://thehackernews.com/2026/04/new-linux-copy-fail-vulnerability.html

⚡ 25,000 U.S. businesses already use macOS, and the number keeps growing. Yet macOS threats are still flying under the radar for most security teams. Attackers know this. 👀 And they're quietly adding more cross-platform threats to take advantage of it, targeting sensitive data. That's exactly why #ANYRUN just levelled up. The sandbox now supports #macOS alongside #Windows, #Linux, and #Android — one unified place, full visibility, faster verdicts. 👉 Close the gap before it becomes a costly one: https://thn.news/mac-threat-analysis

🚨 China-linked APT UAT-9244 has been targeting telecom networks in South America since 2024. Cisco Talos uncovered 3 new implants across Windows, #Linux, and edge devices—used for persistence, command control, and large-scale brute-force scanning. 🔗 Inside TernDoor, PeerTime, and BruteEntry → https://thehackernews.com/2026/03/china-linked-hackers-use-terndoor.html