---
source: newsletter
source_url: https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html
tags: [security]
review_value: 8
review_confidence: 8
review_recommendation: strong
review_stars: 4
ingested: 2026-05-12
sha256: 4f66ebd6213b08792c409378ef43b5eeda99c564b31220c2ca6b5a0bf341d133
---
# We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million[__](https://twitter.com/thehackersnews)[__](https://www.linkedin.com/company/thehackernews/)[__](https://www.facebook.com/thehackernews)
[![Image 1: The Hacker News Logo](blob:http://localhost/5c34172ae87fab3ecb77bf8cfaf83e48)](https://thehackernews.com/)
[__](javascript:void(0))
__
[__ Get the Latest News](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#email-outer)
*   [Home](https://thehackernews.com/)
*   [Newsletter](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#email-outer)
*   [Webinars](https://thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Home](https://thehackernews.com/)
*   [Threat Intelligence](https://thehackernews.com/search/label/Threat%20Intelligence)
*   [Vulnerabilities](https://thehackernews.com/search/label/Vulnerability)
*   [Cyber Attacks](https://thehackernews.com/search/label/Cyber%20Attack)
*   [Webinars](https://thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Expert Insights](https://thehackernews.com/expert-insights/)
*   [Awards](https://awards.thehackernews.com/)
[__](javascript:void(0))
__
[__](javascript:void(0))
Resources
*   [Webinars](https://thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Awards](https://awards.thehackernews.com/)
*   [Free eBooks](https://thehackernews.tradepub.com/)
About Site
*   [About THN](https://thehackernews.com/p/about-us.html)
*   [Jobs](https://thehackernews.com/p/careers-technical-writer-designer-and.html)
*   [Advertise with us](https://thehackernews.com/p/advertising-with-hacker-news.html)
Contact/Tip Us
[__ Reach out to get featured—contact us to send your exclusive story idea, research, hacks, or ask us a question or leave a comment/feedback!](https://thehackernews.com/p/submit-news.html)
Follow Us On Social Media
[__](https://www.facebook.com/thehackernews)[__](https://twitter.com/thehackersnews)[__](https://www.linkedin.com/company/thehackernews/)[__](https://www.youtube.com/c/thehackernews?sub_confirmation=1)[__](https://www.instagram.com/thehackernews/)
[__ RSS Feeds](https://feeds.feedburner.com/TheHackersNews)[__ Email Alerts](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#email-outer)
[![Image 2: cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyqUz0-ifa8jE9rCzud3wzxmhcuzTp1VOWFEvGMoZXDYfaB_4459fPyvyQw7wvAnzjzDL09PkyJM83QGheO69fC3esg1WA7WnJ89i_t_q3K8DxYmgV__QujU8RWRnCK4MpbKqu8nwuMFfLaiRVHy_ov7IZ16hoKI3rIu-5BcISmqXPjlQU7N0sa4lWI-n-/s728-e100/wiz-d.png)](https://thehackernews.uk/wiz-ai-state-d)
# [We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html)
__ The Hacker News __ May 05, 2026 Artificial Intelligence / API Security
[![Image 3](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJcSH4TD_VT_40WBni-IecCy9etWtsaPKvEXzvqJrDVNl0rTIg_XXWSygEBXAIP7y4saSzakCzASpQL6vtRnHRHULD71drQ3gr-y9PpzOeeQ4JzkDGorQe26Iy7zCRp0tyc_h8EYpJYEMkYjlophh6fnhGnb0ZnRqmier4jB4nMXO2A_4j2duMoSQGKbo/s1700-e365/intruder.jpg)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJcSH4TD_VT_40WBni-IecCy9etWtsaPKvEXzvqJrDVNl0rTIg_XXWSygEBXAIP7y4saSzakCzASpQL6vtRnHRHULD71drQ3gr-y9PpzOeeQ4JzkDGorQe26Iy7zCRp0tyc_h8EYpJYEMkYjlophh6fnhGnb0ZnRqmier4jB4nMXO2A_4j2duMoSQGKbo/s1700-e365/intruder.jpg)
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the pressure to deliver more value faster. But speed is coming at the expense of security.
In the wake of the [ClawdBot fiasco](https://www.intruder.io/blog/clawdbot-when-easy-ai-becomes-a-security-nightmare?utm_source=thehackernews&utm_medium=p_referral&utm_campaign=global%7Cfixed%7Cai_research) — the viral self-hosted AI assistant that’s averaging an eye-watering [2.6 CVEs per day](https://days-since-openclaw-cve.com/) — [the Intruder team](https://www.intruder.io/?utm_source=thehackernews&utm_medium=p_referral&utm_campaign=global%7Cfixed%7Cai_research) wanted to investigate how bad the security of AI infrastructure actually is.
To scope the attack surface, we used certificate transparency logs to pull just over 2 million hosts with 1 million exposed services. What we found wasn’t pretty. In fact, the AI infrastructure we scanned was more vulnerable, exposed, and misconfigured than any other software we've ever investigated.
## No authentication by default
It didn’t take long to spot an alarming pattern: a significant number of hosts had been deployed straight out of the box, with no authentication in place. Looking into the source code revealed why: authentication simply isn't enabled by default in many of these projects.
Real user data and company tooling were sitting exposed to anyone who looked. In the wrong hands, the consequences range from reputational damage to full compromise.
Here are some of the most striking examples of what was exposed.
### Freely accessible chatbots
A number of instances involved chatbots that left user conversations exposed. One example, based on OpenUI, exposed a user's full LLM conversation history. It might seem relatively innocent on the surface, but chat histories in enterprise environments can reveal a lot.
[](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html)
[![Image 4](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhj3GLhpJqMlDCFv1L8rjCKJ48SLk18q_bhATdwEdAljl8d0w6kXNRNHKxl_qzn6Yc7vzc0c_AbEPKy7e3shPJk_t9pRjKCIo33lvU515BBrRiWfdtFf_T0If_-JiB1x37YwAT1KS-H_D0Db3WvEcKjh1EzUNWvuh6Bun_NkUflqZH4ff2qQMR4kD1_NA/s1700-e365/1.png)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhj3GLhpJqMlDCFv1L8rjCKJ48SLk18q_bhATdwEdAljl8d0w6kXNRNHKxl_qzn6Yc7vzc0c_AbEPKy7e3shPJk_t9pRjKCIo33lvU515BBrRiWfdtFf_T0If_-JiB1x37YwAT1KS-H_D0Db3WvEcKjh1EzUNWvuh6Bun_NkUflqZH4ff2qQMR4kD1_NA/s1700-e365/1.png)
More concerning were generic chatbots hosting a wide range of models — including multimodal LLMs — freely available to use. Malicious users can [jailbreak](https://www.cyberark.com/resources/threat-research-blog/jailbreaking-every-llm-with-one-simple-click) most models to bypass safety guardrails for nefarious purposes — like generating illegal imagery, or soliciting advice with intent to commit a crime — and do so without fear of repercussion, since they're using someone else's infrastructure. This isn't hypothetical. People are finding [creative ways](https://www.lasso.security/blog/amazon-chatbot-gone-wrong) to abuse company chatbots to access more capable models without paying or having requests logged to their own accounts.
There were also some _questionable_ chatbots exposing large volumes of personal NSFW conversations. If that wasn't bad enough, the software running the Claude-powered goon-bots also disclosed their API keys in plaintext.
[![Image 5](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitPSL5Kl8L19owvNPEM9F95jSMWo6ee8coWo_xva9EklFP0Zn0AzbUWwWkJryG6TNnlxaMBD0Sw2TzuGOw0R2Ed9uWnfeHbTqm-R5ry2zqoEAP6dPRkQIJL_fyWXzzMRhu_SGzSlLTJ3gp9ePCYY5k4gicMbCm383IeGvhCi_QNXlVm1CckqIveF1qesc/s1700-e365/2.png)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitPSL5Kl8L19owvNPEM9F95jSMWo6ee8coWo_xva9EklFP0Zn0AzbUWwWkJryG6TNnlxaMBD0Sw2TzuGOw0R2Ed9uWnfeHbTqm-R5ry2zqoEAP6dPRkQIJL_fyWXzzMRhu_SGzSlLTJ3gp9ePCYY5k4gicMbCm383IeGvhCi_QNXlVm1CckqIveF1qesc/s1700-e365/2.png)
### Wide open agent management platforms
We also discovered exposed instances of agent management platforms, including n8n and Flowise. Some instances that users clearly thought were internal had been exposed to the internet without authentication. One of the most egregious examples was a Flowise instance that exposed the entire business logic of an LLM chatbot service.
[![Image 6](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggm1jQ4OnphHKP8RfuMNrRcqIR88vy_DZm2RAQvYEmlUkNpr-f7v4s2QlaijE6GCh6xt_Z8wA6_DHaRshLEnH3xVgk-7OFSSRB3aUsyIrnpfHTAtwO3aycVr33xtkxAIuA19rKRQkbtb1yuMqUcPbn-J_bdav1XeFIuaVCXKSWC4LtFhkdhPz2DWYePCw/s1700-e365/3.png)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggm1jQ4OnphHKP8RfuMNrRcqIR88vy_DZm2RAQvYEmlUkNpr-f7v4s2QlaijE6GCh6xt_Z8wA6_DHaRshLEnH3xVgk-7OFSSRB3aUsyIrnpfHTAtwO3aycVr33xtkxAIuA19rKRQkbtb1yuMqUcPbn-J_bdav1XeFIuaVCXKSWC4LtFhkdhPz2DWYePCw/s1700-e365/3.png)
Their credential list was exposed too. Flowise was hardened enough not to reveal the stored values to an unauthenticated visitor, which limits the immediate damage, but an attacker could still use the tools connected to those credentials to exfiltrate sensitive information.
This is what makes these platforms particularly dangerous. There's a distinct absence of proper access management controls in AI tooling, meaning access to a bot that's integrated with a third-party system often means access to everything it touches.
In another example, the setup exposed a number of internet parsing tools and potentially dangerous local functions, such as file writes and code interpreting, making server-side code execution a realistic prospect.
[![Image 7](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoOU_fh4S5ToDy5Zm4aUS2hNnhBklTylLtxqvRf-PvbQmnOdO26DNVOnmLcX3ufUBdUy1FxRA_MncEucTb2_Y3uqOXqhHCSyNDTcefzxeTsvYe7MZeXt8u2ZPs3_R8lG3BBApn1DSEIin88GxCqE9FoV5TcblT9gJmxXqNwgbbouBBGsVFw6p6msIkwl8/s1700-e365/4.png)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoOU_fh4S5ToDy5Zm4aUS2hNnhBklTylLtxqvRf-PvbQmnOdO26DNVOnmLcX3ufUBdUy1FxRA_MncEucTb2_Y3uqOXqhHCSyNDTcefzxeTsvYe7MZeXt8u2ZPs3_R8lG3BBApn1DSEIin88GxCqE9FoV5TcblT9gJmxXqNwgbbouBBGsVFw6p6msIkwl8/s1700-e365/4.png)
We identified over 90 exposed instances across sectors such as government, marketing, and finance. All of those chatbots, their workflows, prompts, and outward access were open. An attacker could modify the workflows, redirect traffic, expose user data, or poison responses.
### Saying hello to unsecured Ollama APIs
One of the more surprising findings was the sheer number of exposed Ollama APIs accessible without authentication, with a model connected. We fired a single prompt ("Hello") to every server that listed a connected model, to see if we’d be prompted to authenticate. Of the 5,200+ servers queried, 31% answered.
The responses gave a window into what these APIs were being used for. We couldn't morally explore any further, but the implications are far-reaching. A few examples:
_"Greetings, Master. Your command is my law. What is your desire? Speak freely. I am here to fulfill it, without hesitation or question."_
_"I am here to assist you in any way I can with your health and wellbeing issues. Whether it's anxiety, sleep problems, or other concerns, don't hesitate to ask me for help."_
_"Welcome! I'm an AI assistant integrated with our cloud management systems. I can help you with operational tasks, infrastructure deployment, and service queries."_
Ollama doesn't store messages directly, so there's no immediate risk of conversation data being exposed. But many of these instances were wrapping paid frontier models from Anthropic, Deepseek, Moonshot, Google, and OpenAI. Of all the models identified across all servers, 518 were wrapping well-known frontier models.
## Insecure by design
After triaging the results, it was clear that some of the tech warranted a closer look. We spent time analyzing a subset of the applications in a lab environment — and found repeated insecure patterns throughout:
*   **Poor deployment practices:** Insecure defaults, misconfigured Docker setups, hardcoded credentials, applications running as root
*   **No authentication on fresh installs:** Many projects drop users straight into a high-privilege account with full management access
*   **Hardcoded and static credentials:** Embedded in setup examples and docker-compose files rather than generated on installation
*   **New technical vulnerabilities:** Within a couple of days of lab work, we had already found arbitrary code execution in one popular AI project
These misconfigurations are made even worse when agents have access to tools like code interpretation. The blast radius gets significantly larger when sandboxing is weak, and the infrastructure isn't sitting in a DMZ.
## Speed is winning. Security is lagging behind
Some of the projects powering LLM infrastructure have clearly abandoned decades of hard-won security best practices in favour of shipping fast. That said, it's not purely a vendor problem. The speed of AI adoption and the pressure to beat competitors to market are what’s driving it.
Don't wait for an attacker to find your exposed AI infrastructure first. [Intruder finds misconfigurations and shows you what's visible from the outside](https://www.intruder.io/?utm_source=thehackernews&utm_medium=p_referral&utm_campaign=global%7Cfixed%7Cai_research).
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on [Google News](https://news.google.com/publications/CAAqLQgKIidDQklTRndnTWFoTUtFWFJvWldoaFkydGxjbTVsZDNNdVkyOXRLQUFQAQ), [Twitter](https://twitter.com/thehackersnews) and [LinkedIn](https://www.linkedin.com/company/thehackernews/) to read more exclusive content we post.
SHARE[__](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__](javascript:void(0))
[__ Tweet](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)
[__ Share](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)
[__ Share](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)
__ Share
[__](javascript:void(0))[__ Share on Facebook](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__ Share on Twitter](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__ Share on Linkedin](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__ Share on Reddit](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__ Share on Hacker News](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__ Share on Email](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__ Share on WhatsApp](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[![Image 8: Facebook Messenger](blob:http://localhost/4790c518974848fb287f0be1d99a37a0)Share on Facebook Messenger](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)[__ Share on Telegram](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html#link_share)
[SHARE __](javascript:void(0))
[Access Control](https://thehackernews.com/search/label/Access%20Control), [API Security](https://thehackernews.com/search/label/API%20Security), [artificial intelligence](https://thehackernews.com/search/label/artificial%20intelligence), [Cloud security](https://thehackernews.com/search/label/Cloud%20security), [cybersecurity](https://thehackernews.com/search/label/cybersecurity), [data breach](https://thehackernews.com/search/label/data%20breach), [Infrastructure Security](https://thehackernews.com/search/label/Infrastructure%20Security), [Risk management](https://thehackernews.com/search/label/Risk%20management), [software development](https://thehackernews.com/search/label/software%20development), [Vulnerability](https://thehackernews.com/search/label/Vulnerability)
⚡ Top Stories This Week
[![Image 9: 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilUS_xmTpvaJtwhFTnxsBtKSx2hWroMJKWUCKeB_CNx_9-5T85bdpqGfTZ0__XITi-i6ZnndaiiiFggf3Cgf-35KK-G6sEwvnlqom2DK6U-oH_o9GhEGNyd9kiSti-QC_dpl3v7b7IniC9kAUzV265yVbVsWAnLnH1RfQxrftUHj5MFAm03MOBw3Z6UEVb/w72-h72-c-rw-e365/phish.jpg) 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign](https://thehackernews.com/2026/05/30000-facebook-accounts-hacked-via.html)
[![Image 10: Trellix Confirms Source Code Breach With Unauthorized Repository Access](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJ47NY9D4DSEZHqBNSGTjpmSJqwYVOzlIKGoG-0LTxSdIIDrMtyV2tOqRYcc-4kpxkE1UZ6nJhK4eXCGEsEmG6UcQeHn_YjAhRWXIAxo5yC75eUmLv3w5rur6SN6Qoee65gve-LgM0_3YGnAzQwTrQMTeTShRe_leh8_ImIlzU-Sgfy2kRqTcx5V-yG-3M/w72-h72-c-rw-e365/breach.jpg) Trellix Confirms Source Code Breach With Unauthorized Repository Access](https://thehackernews.com/2026/05/trellix-confirms-source-code-breach.html)
[![Image 11: ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE and More](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_j3mVDqxMVjGlF1qpGV3nSUfIhHsxGDl7Nt6QQFwRUA-qOtj22zKVcE7B7UTCcjLdUrsjLPB5N7TiX8Hzjx8Hq8LPy_GdAfcO_AqMwDDWRyQ6dWdeXzFOQa1KYm8rUUDCgwCbR9kN7OCheQyc0Ijz2MuXGkY6bsqHwlBtV34Q6xH2VAPRDUjFFThKk46X/w72-h72-c-rw-e365/CYBERRECAP.jpg) ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE and More](https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html)
[![Image 12: Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTvgdRkcdOwctclhM5XBvKXGGFrqpNsd7pJsR6Qk9QfhVd52KaiNWtY6kbWYbxzweFJDx5-sXo5UmIGJZ2yKbiSqntFDcYS7aDV_hUlAuNtcFzIPf_MDdqWq9eeyzZwJXx9__K5ynAXHc-7kJ6i66ifjuGrFqfLdn4-yDTvmL1oSZ-kVX2V9eoTq-xdiKa/w72-h72-c-rw-e365/moveit.jpg) Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass](https://thehackernews.com/2026/05/progress-patches-critical-moveit.html)
[![Image 13: Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAfU-GpnCdjg1P2f40nj2Y7eLLpsjWNa1TnSlNm3m9F7VkOryT5etD2BouMGxbfatdzukMzeCPXsDagasXWNbcwUPJNkDY-sBox3DkrA0bTYjAEOk4JV8OySSD1_Ni2DgEnoWih83X65e9K1foEaEUetNxoyXFJnGx4Np8VQWrZSnxo2UMmR0Y68L-qf0y/w72-h72-c-rw-e365/ms-hook.jpg) Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries](https://thehackernews.com/2026/05/microsoft-details-phishing-campaign.html)
[![Image 14: Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL7seGapCGfnl8pFznQajU2KsVPCE19qbtPTJb2sqpOuurkEKNI8ZwUui6QhYmDJODr1F5L7hrpfGBQfsCOT8oC2k_gbjmRPIFWpVZLpJzcdd9nb-UJyNNg4L9LTtEto1sSo3Fn1cIgWxgsH4Xs0GlRJgEt65_Eut7FRv7aQrkqYdJXiE9zDunU2spQOVP/w72-h72-c-rw-e365/apache.jpg) Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE](https://thehackernews.com/2026/05/critical-apache-http2-flaw-cve-2026.html)
[![Image 15: Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF11tAg5Rdf8st9TeSlgPkW_Rn1I3Xi4Xl6wJjNMThFLB0oYYl2kKURYxYxgtnEphAJkeHzRxVrm8LX_7i8RDXgdLQhq4HM5ecZCrv3biRciuLM2JufgdxHqJR3eNTcTsIBWJBAz1Nv8Gac1fhW0vZ8Kgb7RFOC7_9zkL7Uy_SCrFOKps1scenY4c_LPSH/w72-h72-c-rw-e365/paloalto.jpg) Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution](https://thehackernews.com/2026/05/palo-alto-pan-os-flaw-under-active.html)
[![Image 16: The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1Yg33sY2y1VE4mkNb135928ke63sPOMciQgxVLYK0vXlJfSbZPCF0Q2b6URj-uZG0YOarE7-_WKyEc2OTstYRdmcdOagHSWstqHftoc-rv7vWrKepoENsBmKnR7P9jqH6MK9z-oa3RpOks3HGTqafjHUrPp2t-Xny6btfsAMIBcPWPBXq0hZv2-7XrkE/w72-h72-c-rw-e365/the-hacker-news-cybersecurity-stars-awards-2026.jpg.jpg) The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open](https://thehackernews.com/2026/05/the-hacker-news-launches-cybersecurity.html)
[![Image 17: ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYNaH2vOiD-OgAVnO0nGCSr8j4nnvHD2n7RieJD2mDMlPev_fKoBafjhvob13LV4pOFhgMuZd6ex8zyQnCM1AyVfl6fuRG9Max2F76Ku9rWbieBvF0AtGlQd0nXlIwHDKvq5H4BJn3hGCRfE86fHs5SL05RywOADNDC9J5lG9DF8goavgxWzAh7a7isNMB/w72-h72-c-rw-e365/threatsday-1.jpg) ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories](https://thehackernews.com/2026/05/threatsday-bulletin-edge-plaintext.html)
[![Image 18: PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA-FbTXMB7fJu_4ZxIlvKU2wHShSiMZaCQBah-p33256FjWEUsO0kd4s-LXOT_YQoS39Mj5f7nhj-ERtNF2EPNU9WG91ZWJXpl4cwYFoWz8npaMpVWzAhYjVVB-JnPyoycvPmik7Y5IsihIDXp7_mHvh4DYUz9vqkkVRYgylDqKeezcDEwqRJNs4F_2scA/w72-h72-c-rw-e365/paloalto-rce.jpg) PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage](https://thehackernews.com/2026/05/pan-os-rce-exploit-under-active-use.html)
[![Image 19: Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnVSDBWt4hKZ-DOrZqHWPVH0JxrpcUeup9hpMpoH5Ny8bpuJ6Lviv58aH0aK2S2IJvAugaYRhM8P9wUW3tbVCu2kFMQbG5F16kI3PvS6gmR2Px8qOxcat-tK-UHV9oSDsAv9MHjvrduyndsqhicJxX1GroDTBo8it4ANI2wKIUVauhdxbgrNBQHhdgq2SW/w72-h72-c-rw-e365/linux.gif) Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions](https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.html)
[![Image 20: New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixNgyNI9ObZi3Il87CVXhEWyWgcK-O1IKhQKRs7NPrNVqTMBZRw7AZpmbk5RdsPxNPmO9IyXaq6QzYBN691HBgfE8HpwnyJuE4-vaCAwHPpb6UfeSRcrMI-GRjcX53cELs31s7ps6YkGx5bAAB67w4m9GQ7ZVWjSdnaPOFczjHlsS3967ZvBh-4ZvTBWEJ/w72-h72-c-rw-e365/linux-pam.jpg) New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials](https://thehackernews.com/2026/05/new-linux-pamdoora-backdoor-uses-pam.html)
[![Image 21: Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiholjenZRIykmReErkRiguk5xd9RV4BIEEPM0nT-o3LvMvDkCTLpd3G0NpqDGEFHp-f6QyvGRMip6CBhGlllYVlp9wS3XBVoV6xW47CDka7Ig8S_aotcuNlmAv3SYgS4hJzxjLp2nrV4SzqlTXnQLG_w68Cq0Bf5hiOoV6CaN9QZliRDa-StzsvIkJAdSF/w72-h72-c-rw-e365/kube.jpg) Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise](https://thehackernews.com/2026/05/quasar-linux-rat-steals-developer.html)
[![Image 22: 2026: The Year of AI-Assisted Attacks](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEji6GV4hhCDB_wJkm6REZZfugW5H5hF8g8X27oGcUHnOSxYst1aJJspKKl6joygytGLwgKYvfDU_DD8DFHQ-vPt-_Tc1yzG8fJl_0tHuyOLgJC3eHKGFM_YZA_OIYoL7wI8lUWZrpGO_E2Sjunen7Y9g2fY7sRTi6cvk4DgBW5plToR5U-Je5GQeJsKuqY/w72-h72-c-rw-e365/ai-cyberattacks.png) 2026: The Year of AI-Assisted Attacks](https://thehackernews.com/2026/05/2026-year-of-ai-assisted-attacks.html)
[![Image 23: Day Zero Readiness: The Operational Gaps That Break Incident Response](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdEBtnOnAfYEV-De3NPPeeTCPWK_gSqYM7OZ0ioRJl84OvS49Fp-GJucJfc-ADDOhyTe11dUoYbkIlA1gYW5b8E6KxYIG71gNa0pU4tmqiEyfmxAEyI1A3n2ZOzfePdcm5WdqHVnFlrSwzgNlOmWKMUOHTqUjS_qUhHBEI9CpMJ_OZrUgn-yaHjTDaXJ0/w72-h72-c-rw-e365/main.jpg) Day Zero Readiness: The Operational Gaps That Break Incident Response](https://thehackernews.com/2026/05/day-zero-readiness-operational-gaps.html)
[![Image 24: We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJcSH4TD_VT_40WBni-IecCy9etWtsaPKvEXzvqJrDVNl0rTIg_XXWSygEBXAIP7y4saSzakCzASpQL6vtRnHRHULD71drQ3gr-y9PpzOeeQ4JzkDGorQe26Iy7zCRp0tyc_h8EYpJYEMkYjlophh6fnhGnb0ZnRqmier4jB4nMXO2A_4j2duMoSQGKbo/w72-h72-c-rw-e365/intruder.jpg) We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is](https://thehackernews.com/2026/05/we-scanned-1-million-exposed-ai.html)
⭐ Featured Resources
[![Image 25: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6hiDBtbNc7in8a_CTb-LT0Ll-l0sJPg5Ci6gZL3RX1NgEVODENrFt6JqXhhk-FmPODNM1pzUrPq00VJJiLR-Ju6-4AroQySaFQVIVMtE-wShqzg77pnlapc3RM3LNwuuET_2eI-wMpfSLrJ40sKHXObmn_DDOO9XCzXwvmnhqEvtqqUcrh8lKpcwl_Dyj/s72-e365/picus-web.jpg) [Webinar] Learn How Autonomous Validation Keeps Pace With AI Attacks](https://thehackernews.uk/auto-validation-2026)
[![Image 26: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicj0i3aQS0iB32Gg1HU_TnqOC4RybSLNsb4nZvZ5tdWiY5XEv69ok2BV-i5r-2w7QIpwImYTQCMiG8pbr9CvaHqAUHexe1m8DPsE_oBN-LTAMfTzjK_uEpHgmWlYbA1kGEl5InvXhDL0er2J-20BigTiaTZvuvCxXFBMZYcVxHm1RZg7TtRAv01A9J6CH_/s72-e365/ciso.jpg) [Guide] Get Practical AI SOC Insights to Improve Threat Detection](https://thehackernews.uk/ciso-soc-ai-report)
[![Image 27: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOSJhOFpdVWKgMryEfPnZR30BTWO4mkvD6pvCPkWP6xcMUcwAvGfPhRJReg90gGxRIsU5I_v9rfmhVqSTeMRc2QbYkAjZ3gd-0GRVoVOhous50pX5NHNSfPHz1f0vIfYZLCtT6Rnb7aHZBQqozE5AhaQZuMunks4U1vYzWoquczSWO3TnLYgNZALA_06FR/s72-e365/or.jpg) [Demo] Discover How to Control Autonomous Identity Risks Effectively](https://thehackernews.uk/auto-identity-guards)
[![Image 28: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii8_hL1LxsJl61aahBvGLwPGMbVaZw1Xq2nL-acbm0pmhkgCr0YdSzIWO9MEziTnpzmNV0-3RDkNEV8Qnbf61H14MsS664AuEHJuRcUqkdDOqQdlu5BBYF5G1Hy1Dzs7Uqnnty4d3jZAxcGaLZ0goUUu_1py6H8VYxmu6oxj3VZNLg5uvhVbJZAaF2eKnA/s72-e365/ma.jpg) [Demo] Stop Email Attacks and Protect Cloud Workspace Data Faster](https://thehackernews.uk/google-m365-email-security)
## Cybersecurity Webinars
[Building Stronger Defenses ### Stop Patient Zero Attacks Before They Bypass Detection Learn how to stop patient zero attacks before they bypass detection and compromise your systems at entry points. Register](https://thehacker.news/patient-zero-playbook?source=below)[Reduce AppSec Risk ### Validate Real Attack Paths Before Attackers Exploit Them Learn how to validate real attack paths and reduce exploitable risk with continuous agentic security validation. Register](https://thehacker.news/top-attack-paths-appsec?source=below)
⚡ Latest News
Cybersecurity Resources
[![Image 29: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXACokw4cvLvnMAIF9jza_ah5XTHyp1X7mdStYyPSaHXvjCQ2KC-V5kvZZiHAMysvMR7o3NrPVPgg516Yl0IcmISulV3KECKWn6HYr0gbY18GqVlCFHlCKtRBYoEukyeWJH2zFDgSvdU8_3mpMMJ1gfygQmK9Dq5YaR8Co90e81jRC3nN-AVMO9yiP-YzK/s728-e100/ldr.jpg) Build Security Strategy That Earns Executive Buy-In — SANS LDR514, NYC SANS LDR514 in NYC, Aug 10–15: policy, risk frameworks, board communication, and strategic leadership.](https://thehackernews.uk/nyc-sans-2026)[![Image 30: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCyK3mSumMJPUnI4kYAEcB0kS-ZSB7ZtBTA0xs3tlLhDSQ54FWotA2Ub_e7XLbtTCOqM9k1cAnk6t0Wu7-01W0seVE56jCVFacwmWMu2S5K8EN3MLqE4un8a8_0mWm7fXyXDQO3fSq28M40u2dSATlucFhuKxWUF56thZHx6hRXXVX7d73RzdD6Wc1kQlp/s728-e100/zz-2.jpg) Your VPN is Helping Attackers Move as Fast as AI AI collapsed human response window and turned remote access into fastest path to breach.](https://thehackernews.uk/zscaler-risk-vpn-2026)[![Image 31: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUas4KOce8ComJG5TW2uigorerrcCPf4cjsao7P2In6sgYdLwVMmRFB7bqZ6v0LJXrWDN6LIdgvwvK-kpnISCL7wzLDsSYAVs-XXs-qgcP41i1lj-H3ZYgpXz9Utd_6aCQBoyLo9feismppmickqgr_jwBGQuBazVrSqYDc8pWyFU2x6hkbi7GD1m9NXYc/s728-e300/gg.png) Earn a Master's in Cybersecurity Risk Management Lead the future of cybersecurity risk management with an online Master’s from Georgetown.](https://thehackernews.uk/cyber-risk-program)​
Expert Insights [Articles](https://thehackernews.com/expert-insights/)[Videos](https://thehackernews.com/videos/)
[![Image 32: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0EPKdTPEKUa8Uc9PmVeh_VN-_Z6Xp3n26lj5cYdZ_vBB8hh6KgSMFWgHjNu87tAg4_5-V_0MrdHXNvB2V9VScBtQSLCn5ZAHPTXI1n4OO3q1AD46ouuXgHLP7g_JGzIN0OWU8LSl1K3n__Ae3lE8TWu1feFlDbjpcG7ZZpq5w6JujzcdzgRAX0ZSIkFtI/s728-e300/kaseya-unit.jpg) ## From Phishing to Recovery: Breaking the Ransomware Attack Chain __ May 04, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/from-phishing-to-recovery-breaking.html)[![Image 33: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvqP3x1syb3PjmFpOjgHv33XjiWZ_KwdBaa_jhB1qcuIhQ7VzAk8kHGPmqwxS5Uqmkr4-dYYpeAwXGYQpQnFXusdmNyIEeDHxE1QyLcuRKaXnS6xtWHtUfvc72APloD12dswCi0H3f51CQNctZ_GpbEBTcLf2HSFxUxkBPdgv7liGTx6-4e50Bu3ZcQUT6/s728-e300/Prophet-unit.jpg) ## Mythos is Coming: What the Next Six Months Require __ May 04, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/mythos-is-coming-what-next-six-months.html)[![Image 34: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgz7h4CNKNO8n5D4i7u9G5jwqxdtEeNXr1XPyX5R-Sctm747-NzZibUb98NgjMZfCMYIDVncAfqOdOCXDJ5i_vDQflcqUNxfFi7-OM7Pnu-savMRuQ9lzSHCvXrhBMYI-8OyurZurcPnCE0-gjrw5x5_q205hY0fp7wCwwc9EMQOo51LbdeNaKW7Sh9kQVB/s728-e300/bitdefender-unit.jpg) ## Your Biggest Security Risk Isn’t Malware — It's What You Already Trust __ May 04, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/your-biggest-security-risk-isnt-malware.html)[![Image 35: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjR6WCPSsositUcZds60O72kHyXQXP7yFwD4OBNAb-U73tzZankMDzheCEmqGXK8OBv2w_q4NKUb5grytr4SKS17xb1GSbT3kXHhQ9xi_7AXl0-p11Wok4HyoTt_VT9y6zfK6VVP-x0UY-QVhWkOmiN8kv8BRHYwUU-rcpyKEHLz5Zts7348qOa4VIW-CeZ/s728-e300/ctm360-unit.jpg) ## CTM360 Exposes Global GovTrap Campaign With 11,000+ Fake Government Portals Targeting Citizens Worldwide __ April 27, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/04/ctm360-exposes-global-govtrap-campaign.html)
Get the Latest News in Your Inbox
Get the latest news, expert insights, exclusive resources, and strategies from industry leaders, all for free.
- [x] - [x] 
Email 
Connect with us!
[__ 1,300,000 Followers](https://twitter.com/thehackersnews)
[__ 710,100 Followers](https://www.linkedin.com/company/thehackernews/)
[__ 25,500 Subscribers](https://www.youtube.com/c/thehackernews?sub_confirmation=1)
[__ 157,500 Followers](https://www.instagram.com/thehackernews/)
[__ 1,990,000 Followers](https://www.facebook.com/thehackernews)
[![Image 36: Google News Icon](blob:http://localhost/d9c712dcc9cf552b3323fda6e1fe7145) 55,500 Followers](https://news.google.com/publications/CAAqLQgKIidDQklTRndnTWFoTUtFWFJvWldoaFkydGxjbTVsZDNNdVkyOXRLQUFQAQ)
Company
*   [About THN](https://thehackernews.com/p/about-us.html)
*   [Advertise with us](https://thehackernews.com/p/advertising-with-hacker-news.html)
*   [Contact](https://thehackernews.com/p/submit-news.html)
Pages
*   [Webinars](https://thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Awards](https://awards.thehackernews.com/)
*   [Privacy Policy](https://thehackernews.com/p/privacy-policy.html)
[__ RSS Feeds](https://feeds.feedburner.com/TheHackersNews)[__ Contact Us](https://thehackernews.com/p/submit-news.html)
© 2026 The Hacker News. All Rights Reserved.