Lucene search
+L

20920 matches found

The Hacker News
The Hacker News
added 2025/06/17 10:30 a.m.30 views

Backups Are Under Attack: How to Protect Your Backups

Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Today's ransomware attacks initially target your last line of defense — your backup infrastructure. Before locking up your production environment, cybercriminals...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/17 9:32 a.m.21 views

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn...

9.8CVSS9.8AI score0.9999EPSS
Exploits33
The Hacker News
The Hacker News
added 2025/06/17 8:12 a.m.33 views

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 CVSS score: 8.8, a...

9.8CVSS9.7AI score0.99284EPSS
Exploits11
The Hacker News
The Hacker News
added 2025/06/17 4:53 a.m.11 views

Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement

Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind." The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/16 5:49 p.m.16 views

U.S. Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network

The U.S. Department of Justice DoJ said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens NFTs, and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea. "For years, North Kor...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/16 2:21 p.m.12 views

Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment

An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat." "The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible eve...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/16 11:29 a.m.49 views

⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More

Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something's wrong. This week's stories aren't just about what was attacked—but how...

9.9CVSS8.9AI score0.98067EPSS
Exploits26
The Hacker News
The Hacker News
added 2025/06/16 11:25 a.m.11 views

Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine

Introduction The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting pressure from regulators, insurers, and rising threats, many still treat cybersecurity as an afterthought. As a result, providers may struggle to mov...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/16 6:45 a.m.27 views

PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments

Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat 676 Downloads ts-runtime-compat-check 1,588...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/14 2:45 a.m.26 views

Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets

A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/13 2:12 p.m.22 views

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an "esoteric and...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/13 11:2 a.m.20 views

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management RMM instances to compromise customers of an unnamed utility billing software provider. "This incident reflects a broader...

9.9CVSS9.5AI score0.95151EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/06/13 10:30 a.m.23 views

CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk

Introduction: Security at a Tipping Point Security Operations Centers SOCs were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today's threat landscape doesn't play by those rules. The sheer volume of telemetry, overlapping...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/13 7:3 a.m.27 views

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3....

6.1CVSS6.5AI score0.04371EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/06/12 5:47 p.m.19 views

WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network

The threat actors behind the VexTrio Viper Traffic Distribution Service TDS have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute malicious content...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/12 1:52 p.m.14 views

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes

Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's LLM safety and content moderation guardrails with just a single character change. "The TokenBreak attack targets a text classification model's tokenization...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/12 1:6 p.m.8 views

AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar

AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you're not paying attention. Behind every AI agent, chatbot, or automation script lies a growing number of non-human...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/12 11:11 a.m.31 views

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence AI vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 M365 Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the...

9.3CVSS9.2AI score0.05776EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/06/12 11:0 a.m.14 views

Non-Human Identities: How to Address the Expanding Security Risk

Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian's end-to-end NHI security platform is here to close...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/12 7:42 a.m.16 views

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management RMM executables due to security concerns. The company said it's doing so "due to concerns raised by a...

8.1CVSS7.7AI score0.03361EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/06/12 5:41 a.m.35 views

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

Cybersecurity researchers have uncovered a new account takeover ATO campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID formerly Azure Active Directory user accounts. The activity, codenamed UNKSneakyStrike by Proofpoint, has...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/11 5:44 p.m.24 views

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. "Recently, attackers have introduced Python script execution alongside these...

9.8CVSS9.7AI score0.98259EPSS
Exploits23
The Hacker News
The Hacker News
added 2025/06/11 1:49 p.m.57 views

295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager

Threat intelligence firm GreyNoise has warned of a "coordinated brute-force activity" targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to "identify and access...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/11 11:32 a.m.12 views

INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure

INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed Operation Secure, took place between January and April 2025, and involved law enforcement agencies...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/11 11:25 a.m.14 views

Why DNS Security Is Your First Defense Against Cyber Attacks?

In today's cybersecurity landscape, much of the focus is placed on firewalls, antivirus software, and endpoint detection. While these tools are essential, one critical layer often goes overlooked: the Domain Name System DNS. As the starting point of nearly every online interaction, DNS is not onl...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/11 10:28 a.m.23 views

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without...

7.9AI score0.00415EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/06/11 10:0 a.m.13 views

How to Build a Lean Security Model: 5 Lessons from River Island

In today’s security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge. Yet lean security models are not only possible - they can be highl...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/11 7:46 a.m.47 views

Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning WebDAV that it said has come under active exploitation in the wild. Of the 67 vulnerabilities, 11 are rated Critical and 56 are rated Important in severity. This include...

9.8CVSS9AI score0.81558EPSS
Exploits18
The Hacker News
The Hacker News
added 2025/06/10 6:29 p.m.44 views

Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager AEM. Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service CS as well as all versions prior to and including 6.5.22. The issu...

9.1CVSS8.5AI score0.007EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/06/10 6:4 p.m.24 views

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud aka Salesforce Industries, exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration...

9.1CVSS6.3AI score0.00442EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/06/10 4:46 p.m.21 views

FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware

The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services AWS infrastructure to deliver a malware family called Moreeggs. "By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/10 2:20 p.m.31 views

Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users

Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via fraudulent gaming websites. "Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/10 11:0 a.m.11 views

The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier

Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities NHIs come in. NHIs — including application secrets, A...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/10 10:11 a.m.16 views

Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account

Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher "brutecat," leverages an issue in the company's...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/10 7:48 a.m.24 views

Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises

The threat actor known as Rare Werewolf formerly Rare Wolf has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States CIS countries. "A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developin...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/10 5:37 a.m.23 views

CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added two critical security flaws impacting Erlang/Open Telecom Platform OTP SSH and Roundcube to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities in question are...

10CVSS10AI score0.97859EPSS
Exploits42
The Hacker News
The Hacker News
added 2025/06/09 3:23 p.m.22 views

Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group

The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than...

9.4CVSS8.7AI score0.98557EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/06/09 2:46 p.m.31 views

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service DDoS attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicio...

9.9CVSS9.3AI score0.99999EPSS
Exploits26
The Hacker News
The Hacker News
added 2025/06/09 11:20 a.m.34 views

⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks

Behind every security alert is a bigger story. Sometimes it's a system being tested. Sometimes it's trust being lost in quiet ways—through delays, odd behavior, or subtle gaps in control. This week, we're looking beyond the surface to spot what really matters. Whether it's poor design, hidden...

9.9CVSS8.4AI score0.94741EPSS
Exploits38
The Hacker News
The Hacker News
added 2025/06/09 11:0 a.m.16 views

Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise

You don’t need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/09 6:45 a.m.27 views

OpenAI Bans ChatGPT Accounts Used by Russian, Iranian, and Chinese Hacker Groups

OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/08 1:47 p.m.31 views

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/08 8:1 a.m.26 views

Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025

Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/06 4:25 p.m.55 views

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer AMOS on Apple macOS systems. The campaign, according to CloudSEK, has been found to...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/06 1:41 p.m.15 views

Empower Users and Protect Against GenAI Data Loss

When generative AI tools became widely available in late 2022, it wasn't just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/06 1:12 p.m.7 views

Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam

India's Central Bureau of Investigation CBI has revealed that it has arrested six individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/06 10:30 a.m.29 views

Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV

Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/06 8:35 a.m.18 views

New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack

A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. "The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to t...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/05 3:53 p.m.21 views

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions ... unintentionally transmit sensitive data over simple...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/05 1:53 p.m.34 views

Researchers Detail Bitter APT's Evolving Tactics as Its Geographic Scope Expands

The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the Indian government. That's according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysi...

8.5AI score
Exploits0
Total number of security vulnerabilities20920