The Hacker News

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Agent ID Administrator enabled service principal takeover before April 9, 2026 patch, exposing privilege escalation risk in ...
The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

‘Unlimited Attack Vectors’—All Windows Versions At Risk From New Flaw

Security researchers have uncovered an unpatched Windows security bug with effectively unlimited potential attack ...