The Hacker News

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
Bleeping Computer

State hackers use new PowerShell backdoor in Log4j attacks

Hackers believed to be part of the Iranian APT35 state-backed group (aka 'Charming Kitten' or 'Phosphorus') has been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor. The ...
CSOonline

BianLian group exploits TeamCity again, deploys PowerShell backdoor

The BianLian extortion group was recently seen exploiting vulnerabilities in the TeamCity continuous integration server for initial access into networks. In the latest attacks the group also deployed ...