Can security teams stay ahead when threats pile up faster than patches?

CYBER SECURITY

5/26/2025


This week’s Hacker News recap spotlights how defenders are battling on multiple fronts at once: law-enforcement takedowns of Lumma Stealer and DanaBot showcase rare wins against commodity malware repurposed by Russian state hackers, while fresh APT campaigns—from Russia’s APT28 targeting Western logistics to China-nexus UNC5221 exploiting Ivanti EPMM flaws—underscore nation-state persistence. Attackers are also hijacking popular platforms, using AI-generated TikTok videos to spread stealers and crafting 100-plus malicious Chrome extensions that siphon credentials and inject ads.

Beyond headline exploits, CISA warns SaaS providers of cloud-configuration gaps, researchers find prompt-injection holes in GitLab’s Duo AI assistant, and a sprawling CVE list—from Versa Concerto to VMware Cloud Foundation—reminds teams that unpatched software remains the easiest door in. Add wipers in Ukraine, new COOKIE-BITE session-stealing tricks, and state moves to criminalize cyber-espionage, and the message is clear: proactive visibility and rapid patching are now table stakes.

Source: The Hacker News