Lucene search
K

519 matches found

The Hacker News
The Hacker News
added 2025/09/29 4:36 p.m.9 views

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Threat actors have been observed using seemingly legitimate artificial intelligence AI tools and software to sneakily slip malware for future attacks on organizations worldwide. According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various...

7.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/25 7:20 a.m.4 views

CVE-2025-5352

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

8.1CVSS5.8AI score0.00458EPSS
Exploits1References1
HackRead
HackRead
added 2025/07/31 4:34 p.m.5 views

OnlyFans, Discord ClickFix-Themed Pages Spread Epsilon Red Ransomware

Beware of Epsilon Red ransomware as attackers impersonate Discord, Twitch and OnlyFans using fake verification pages with .HTA files and ActiveX to spread malware...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/30 4:21 p.m.8 views

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript JSC malware called JSCEAL that can capture data such as credentials and wallets. The activity leverages thousands of malicious advertisements...

7.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/07/25 4:41 p.m.7 views

Steam games abused to deliver malware once again

A cybercriminal known as EncryptHub aka Larva-208 has reportedly abused the online game platform Steam to distribute information stealers. EncryptHub managed to sneak malicious files into the Chemia game files hosted on Steam. Chemia is an adventurous survival type of game that puts the player in...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/22 12:0 a.m.9 views

From Cracks to Crooks: YouTube As a Vector for Malware Distribution

With billions of users and an immense volume of daily uploads, YouTube has become an attractive target for cybercriminals aiming to leverage its vast audience. The platform's openness and trustworthiness provide an ideal environment for deceptive campaigns that can operate under the radar of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/21 12:0 a.m.4 views

PhishIntentionLLM: Uncovering Phishing Website Intentions through Multi-Agent Retrieval-Augmented Generation

Phishing websites remain a major cybersecurity threat, yet existing methods primarily focus on detection, while the recognition of underlying malicious intentions remains largely unexplored. To address this gap, we propose PhishIntentionLLM, a multi-agent retrieval-augmented generation RAG...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/17 5:40 p.m.9 views

Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS malware-as-a-service operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/17 2:11 p.m.26 views

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 CVSS score: 7.5, a high-severity path traversal vulnerability in Apache HTTP...

10CVSS10AI score0.99992EPSS
Exploits299
Veracode
Veracode
added 2025/07/09 5:40 a.m.4 views

Improper Input Validation

transformers is vulnerable to improper input validation. The vulnerability is due to insecure URL validation using the startswith method in imageutils.py, which allows an attacker to exploit URL username injection to craft deceptive URLs that appear to originate from trusted sources like YouTube,...

3.5CVSS4AI score0.00329EPSS
Exploits1References5Affected Software1
The Hacker News
The Hacker News
added 2025/07/08 5:35 p.m.13 views

Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased...

7.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/07/07 9:55 a.m.4 views

CVE-2025-3777 Improper Input Validation in huggingface/transformers

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...

3.5CVSS3.9AI score0.00329EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2025/06/25 8:45 a.m.9 views

SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks

Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/12 5:47 p.m.19 views

WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network

The threat actors behind the VexTrio Viper Traffic Distribution Service TDS have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute malicious content...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/23 5:24 p.m.35 views

Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique

The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. "The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk," Expel said ...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:27 a.m.5 views

CVE-2024-5936

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...

6.1CVSS4.5AI score0.28925EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:54 a.m.5 views

CVE-2024-42671

A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution, or other malicious activities...

6.1CVSS6.9AI score0.0027EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/05/13 10:57 a.m.35 views

North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on th...

7.5AI score
Exploits0
HackRead
HackRead
added 2025/05/08 3:17 p.m.19 views

Fake Crypto Exchange Ads on Facebook Spread Malware

Bitdefender exposes Facebook ad scams using fake crypto sites and celebrity lures to spread malware via malicious desktop…...

7.3AI score
Exploits0
HackRead
HackRead
added 2025/05/08 1:1 p.m.24 views

Fake AI Tools Push New Noodlophile Stealer Through Facebook Ads

Scammers are using fake AI tools and Facebook ads to spread Noodlophile Stealer malware, targeting users with a…...

7.3AI score
Exploits0
Rows per page
Query Builder