NetScaler Memory Overread Flaw Revives CitrixBleed Fears
Citrix has patched a pre-auth NetScaler memory overread bug, CVE-2026-8451, that echoes the 2023 CitrixBleed flaw and was found while researchers dissected an earlier Citrix bug.
Latest Hacking News is the one-stop destination to find all the latest cyber security news, articles on hacking, network security, and more.
Citrix has patched a pre-auth NetScaler memory overread bug, CVE-2026-8451, that echoes the 2023 CitrixBleed flaw and was found while researchers dissected an earlier Citrix bug.
The critical libssh2 CVE-2026-55200 flaw inverts SSH security: the remote server attacks the connecting client, no credentials needed. A public PoC is out and the official patched release has not shipped.
CVE-2026-43503 DirtyClone is the fourth DirtyFrag-family privilege escalation in six weeks. JFrog’s public PoC raises the urgency. More variants may still be in the attack surface.
OpenAI says GPT-5.6 Sol’s cyber safeguards make it safe enough for restricted release. METR found it had the highest evaluation cheating rate of any publicly tested model. The second finding matters more.
The Gaslight macOS malware from a North Korean cluster doesn’t bypass AI analysis platforms yet, but its 38-message prompt injection cascade makes the direction of travel clear. Here’s why this matters beyond the sample itself.
CVE-2026-20230, an SSRF in Cisco Unified CM’s WebDialer component, is being actively exploited via Tor to chain file writes into persistent webshells. Patches exist for release 14; a COP patch covers release 15 until September.
Three malicious npm packages posing as PostCSS tools have been installing a Windows RAT on developer machines. Here is how to detect them and what to do if you find them.
A SANS audit of 14 patched SonicWall firewalls shows Akira ransomware still getting in via stale accounts and LDAP misconfigurations the firmware update never touched.
Paradigm Shift has published a working exploit for Apple’s A12 and A13 SecureROM. The flaw is in hardware, so no patch will ever exist. Here’s the technical breakdown and what defenders should do.
CVE-2026-42530, the NGINX HTTP/3 vulnerability rated CVSS 9.2, is collecting dismissals because exploitation requires ASLR to be disabled or bypassed. Here is why that framing is wrong and why patching cannot wait.