en
Feedback
The Hacker News

The Hacker News

Open in Telegram

โญ Official THN Telegram Channel โ€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking. ๐Ÿ“จ Contact: admin@thehackernews.com ๐ŸŒ Website: https://thehackernews.com

Show more

๐Ÿ“ˆ Analytical overview of Telegram channel The Hacker News

Channel The Hacker News (@thehackernews) in the English language segment is an active participant. Currently, the community unites 161 564 subscribers, ranking 693 in the Technologies & Applications category and 107 in the USA region.

๐Ÿ“Š Audience metrics and dynamics

Since its creation on ะฝะตะฒั–ะดะพะผะพ, the project has demonstrated rapid growth, gathering an audience of 161 564 subscribers.

According to the latest data from 30 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by -378 over the last 30 days and by -15 over the last 24 hours, overall reach remains high.

  • Verification status: Verified (Officially confirmed by Telegram)
  • Engagement rate (ER): The average audience engagement rate is 4.61%. Within the first 24 hours after publication, content typically collects 3.08% reactions from the total number of subscribers.
  • Post reach: On average, each post receives 7 453 views. Within the first day, a publication typically gains 4 977 views.
  • Reactions and interaction: The audience actively supports content: the average number of reactions per post is 14.
  • Thematic interests: Content is focused on key topics such as attack, credential, cve-2026, github, backdoor.

๐Ÿ“ Description and content policy

The author describes the resource as a platform for expressing subjective opinions:
โ€œโญ Official THN Telegram Channel โ€” A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking. ๐Ÿ“จ Contact: admin@thehackernews.com ๐ŸŒ Website: https://thehackernews.comโ€

Thanks to the high frequency of updates (latest data received on 01 July, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.

161 564
Subscribers
-1524 hours
-907 days
-37830 days
Posts Archive
โš ๏ธ Microsoft is warning about a new way AI agents can be manipulated through MCP tools. The issue is not a broken rule or a s
โš ๏ธ Microsoft is warning about a new way AI agents can be manipulated through MCP tools. The issue is not a broken rule or a software bug. A malicious tool description can hide instructions that make an agent collect company data, such as unpaid invoices, and send it out through a normal-looking tool call. Details here: https://thehackernews.com/2026/06/microsoft-warns-poisoned-mcp-tool.html

๐Ÿ›‘ A new RustDuck botnet is turning routers, cameras, Android boxes, and poorly secured servers into DDoS nodes. It spreads t
๐Ÿ›‘ A new RustDuck botnet is turning routers, cameras, Android boxes, and poorly secured servers into DDoS nodes. It spreads through weak Telnet/SSH logins, exposed ADB, and old flaws, while its newer core is being rewritten in Rust. Details ๐Ÿ ’ https://thehackernews.com/2026/06/rustduck-botnet-rebuilds-in-rust-to.html

๐Ÿšจ CVE-2026-33017 is being exploited against Langflow. Attackers abuse an unauthenticated API endpoint to run Python code, dr
๐Ÿšจ CVE-2026-33017 is being exploited against Langflow. Attackers abuse an unauthenticated API endpoint to run Python code, drop Lambsys, and launch a Monero miner. Lambsys can spread via reused SSH keys. Langflow attack chain: https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html

โš ๏ธ A fake โ€œGoogle Notesโ€ extension is swapping #cryptocurrency wallet addresses inside Chromium browsers. Experts call it "Si
โš ๏ธ A fake โ€œGoogle Notesโ€ extension is swapping #cryptocurrency wallet addresses inside Chromium browsers. Experts call it "Silent Swap" Unsigned .NET and Golang installers inject the extension, alter browser preference files, and use EtherHiding to rotate C2. Details here โž https://thehackernews.com/2026/06/silent-swap-crypto-clipper-uses-fake.html

๐Ÿ›‘ Old shell tricks didnโ€™t die. They found a new target ๐Ÿ ’ AI coding agents. Researchers shows how Bash parsing can slip past
๐Ÿ›‘ Old shell tricks didnโ€™t die. They found a new target ๐Ÿ ’ AI coding agents. Researchers shows how Bash parsing can slip past weak text-based command guards, letting r''m become rm before execution. GuardFall bypass worked on 10 of 11 open-source agents tested. Read how it works: https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html

๐Ÿ›‘ A leaked AI key is not just a secret anymore. It is a running bill. Researchers tested 444 iOS AI chatbot apps. Over 250 e
๐Ÿ›‘ A leaked AI key is not just a secret anymore. It is a running bill. Researchers tested 444 iOS AI chatbot apps. Over 250 exposed paid LLM access through network traffic. > Plaintext keys > Replayable tokens > Open backend proxies with no auth Read the THN report: https://thehackernews.com/2026/06/282-ios-apps-found-leaking-llm-api-keys.html

Fraud infrastructure for FIFA World Cup 2026 was already in place before June 11 kickoff. Check Point saw 60x spike in fake s
Fraud infrastructure for FIFA World Cup 2026 was already in place before June 11 kickoff. Check Point saw 60x spike in fake sportsbook apps (64 samples) + large-scale travel/phishing domains, some with MX set for email interception. Full report: https://thehackernews.com/2026/06/what-numbers-say-about-fifa-2026-cyber.html

๐Ÿ›‘ SimpleHelp RMM CVE-2026-48558 exploited for OIDC authentication bypass. Attackers gain technician sessions to deploy TaskW
๐Ÿ›‘ SimpleHelp RMM CVE-2026-48558 exploited for OIDC authentication bypass. Attackers gain technician sessions to deploy TaskWeaver and Djinn Stealer. Djinn Stealer targets cloud, code, AI tools, browsers, SSH, and wallets. Read the full story: https://thehackernews.com/2026/06/attackers-exploit-simplehelp-cve-2026.html

๐Ÿšจ Nearby file sharing has a local blind spot. Researchers found six flaws in AirDrop and Quick Share that can crash sharing
๐Ÿšจ Nearby file sharing has a local blind spot. Researchers found six flaws in AirDrop and Quick Share that can crash sharing services, bypass Samsung session checks, and trigger a crash in Googleโ€™s Windows app. Apple and Google have started fixes. Read: https://thehackernews.com/2026/06/airdrop-and-quick-share-flaws-let.html

๐ŸŽฎ Tell an AI browser itโ€™s just playing a game. Researchers say "BioShocking" tricked six AI agents, including #ChatGPT Atlas
๐ŸŽฎ Tell an AI browser itโ€™s just playing a game. Researchers say "BioShocking" tricked six AI agents, including #ChatGPT Atlas, Comet, and #Claude, into copying GitHub SSH credentials from a signed-in session. Read how the attack chain worked: https://thehackernews.com/2026/06/new-bioshocking-attack-tricks-ai.html

โš ๏ธ Public PoC is out for CVE-2026-8037, a critical Progress Kemp LoadMaster API flaw. It lets unauthenticated attackers run r
โš ๏ธ Public PoC is out for CVE-2026-8037, a critical Progress Kemp LoadMaster API flaw. It lets unauthenticated attackers run root commands when the API is enabled. Patch now. Restrict API exposure. Full story: https://thehackernews.com/2026/06/progress-kemp-loadmaster-flaw-could-let.html

โšก Apple patched WebKit bugs found with AI tools. The updates fix 30+ flaws across: > iOS 26.5.2 > macOS Tahoe 26.5.2 > Safari
โšก Apple patched WebKit bugs found with AI tools. The updates fix 30+ flaws across: > iOS 26.5.2 > macOS Tahoe 26.5.2 > Safari 26.5.2 The fixes include WebKit CVEs, sandbox issues, and kernel-level bugs. Details: https://thehackernews.com/2026/06/apple-patches-30-ios-macos-safari-flaws.html

๐Ÿšจ Oracle E-Business Suite has a new active exploitation problem. CVE-2026-46817 is a CVSS 9.8 flaw in Oracle Payments that c
๐Ÿšจ Oracle E-Business Suite has a new active exploitation problem. CVE-2026-46817 is a CVSS 9.8 flaw in Oracle Payments that can allow unauthenticated HTTP takeover. No public PoC. Attribution unknown. Read the full report: https://thehackernews.com/2026/06/oracle-e-business-suite-flaw-cve-2026.html

๐Ÿ›‘ The extension did not need to steal passwords to be dangerous. Microsoft found a fake #Perplexity Chrome extension that lo
๐Ÿ›‘ The extension did not need to steal passwords to be dangerous. Microsoft found a fake #Perplexity Chrome extension that logged searches and address bar input before redirecting users to real results. How it worked, and what users should check: https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html

๐Ÿ”ฅ #WhatsApp is finally getting usernames. The app has started global username reservations before a wider rollout later this
๐Ÿ”ฅ #WhatsApp is finally getting usernames. The app has started global username reservations before a wider rollout later this year. So people can message each other without handing over a phone number. Details here: https://thehackernews.com/2026/06/whatsapp-is-finally-getting-usernames.html

โšก DirtyClone leads the week, but the rest of the queue is ugly: ๐Ÿง Linux root bug ๐Ÿšจ PTC exploited ๐ŸŽ Gaslight malware ๐ŸŽฏ Tur
โšก DirtyClone leads the week, but the rest of the queue is ugly: ๐Ÿง Linux root bug ๐Ÿšจ PTC exploited ๐ŸŽ Gaslight malware ๐ŸŽฏ Turla backdoor ๐Ÿงน StealC takedown ๐Ÿค– Agent prompt injection ๐Ÿ•ต๏ธ New infostealers ๐Ÿ“บ DVR proxy abuse ๐Ÿงฉ Urgent CVEs Full recap: https://thehackernews.com/2026/06/weekly-recap-linux-kernel-flaws-ai.html

โš ๏ธ Mustang Panda hid C2 in cloud traffic. Acronis says the China-aligned group abused Zoho WorkDrive as a command channel in
โš ๏ธ Mustang Panda hid C2 in cloud traffic. Acronis says the China-aligned group abused Zoho WorkDrive as a command channel in campaigns against Indian government and hydropower targets. ZOHOMURK read commands from an inbox folder and wrote stolen output to an outbox. Read ๐Ÿ – https://thehackernews.com/2026/06/mustang-panda-uses-zoho-workdrive-as.html

Your encrypted credentials may not stay encrypted forever. Attackers can harvest them now, store them, and decrypt them later
Your encrypted credentials may not stay encrypted forever. Attackers can harvest them now, store them, and decrypt them later when quantum hardware catches up. That is why post-quantum migration should start with long-lived credentials and machine identities. Read the full story: https://thehackernews.com/2026/06/why-post-quantum-cryptography-starts.html

๐Ÿ›‘ EvilTokens hides account takeover risk from your SOC. Static URL analysis misses it as the phishing page appears only afte
๐Ÿ›‘ EvilTokens hides account takeover risk from your SOC. Static URL analysis misses it as the phishing page appears only after browser-side decryption. Avoid visibility gaps and accelerate response by uncovering the full attack flow in 1 min. Read โž https://thn.news/ghost-analysis-2023

๐Ÿ›‘ 236,493 scam domains. Experts say DCloud Uni-App templates are being used to run fake crypto exchanges, #WhatsApp phishing
๐Ÿ›‘ 236,493 scam domains. Experts say DCloud Uni-App templates are being used to run fake crypto exchanges, #WhatsApp phishing, gambling scams, and wallet drainers. Read the full story โž https://thehackernews.com/2026/06/236000-dcloud-uni-app-sites-used-in.html