Lucene search
+L

20919 matches found

The Hacker News
The Hacker News
added 2025/06/05 10:59 a.m.24 views

Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware

An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline , which is assessed with medium confidence to be a sub-cluster within OilRig, a known...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/05 10:16 a.m.16 views

DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown

The U.S. Department of Justice DoJ on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash. "The operators of the BidenCash marketplace use the platform to simplify the process of buying...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/05 5:37 a.m.32 views

Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI

Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine ISE that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286 , carries a...

9.9CVSS7.6AI score0.01083EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/06/04 3:24 p.m.18 views

Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing aka vishing campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracki...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/04 12:55 p.m.19 views

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

Threat hunters are calling attention to a new variant of a remote access trojan RAT called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a...

8.8CVSS7.8AI score0.80454EPSS
Exploits7
The Hacker News
The Hacker News
added 2025/06/04 12:13 p.m.11 views

Your SaaS Data Isn't Safe: Why Traditional DLP Solutions Fail in the Browser Era

Traditional data leakage prevention DLP tools aren't keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive informati...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/04 10:11 a.m.32 views

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/04 5:23 a.m.30 views

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Hewlett Packard Enterprise HPE has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. "These vulnerabilities could be remotely exploited to allow...

7.5CVSS8.6AI score0.99957EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/06/03 3:0 p.m.27 views

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations DTI team said it identified "malicious multi-stag...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/03 1:1 p.m.14 views

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113 , carries a CVSS sco...

9.9CVSS9.6AI score0.94741EPSS
Exploits34
The Hacker News
The Hacker News
added 2025/06/03 11:0 a.m.14 views

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alon...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/03 9:34 a.m.20 views

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/03 7:48 a.m.12 views

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. T...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/03 7:20 a.m.10 views

Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion

Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/03 4:22 a.m.33 views

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419 CVSS score: 8.8, and has been flagged as an out-of-bounds read an...

8.8CVSS8.5AI score0.08404EPSS
Exploits9
The Hacker News
The Hacker News
added 2025/06/02 4:3 p.m.10 views

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity...

7.2CVSS8.2AI score0.95432EPSS
Exploits12
The Hacker News
The Hacker News
added 2025/06/02 3:12 p.m.10 views

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows -...

8.3CVSS7.4AI score0.00185EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/06/02 2:22 p.m.38 views

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479...

8.4CVSS7.6AI score0.00892EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/06/02 11:23 a.m.41 views

⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More

If this had been a security drill, someone would've said it went too far. But it wasn't a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now—quiet, convincing, and fast. Defenders aren't just chasing hacke...

9.3CVSS8.5AI score0.99723EPSS
Exploits61
The Hacker News
The Hacker News
added 2025/06/02 10:55 a.m.16 views

The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats

The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/02 5:51 a.m.46 views

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers CFOs and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle Eas...

7.8CVSS7.8AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2025/05/31 10:19 a.m.53 views

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit TRU. Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs...

4.7CVSS5.5AI score0.00668EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/05/31 7:16 a.m.12 views

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation

A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software. To that effect, the U.S. Department of Justice DoJ said it seized four...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/30 2:14 p.m.50 views

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/30 11:12 a.m.62 views

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection...

9.3CVSS10AI score0.99991EPSS
Exploits121
The Hacker News
The Hacker News
added 2025/05/30 10:30 a.m.16 views

From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care

Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/30 7:51 a.m.11 views

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

The U.S. Department of Treasury's Office of Foreign Assets Control OFAC has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses. T...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/30 6:11 a.m.34 views

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe wa...

9.3CVSS9AI score0.99959EPSS
Exploits20
The Hacker News
The Hacker News
added 2025/05/30 4:9 a.m.8 views

Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas

Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/29 3:47 p.m.28 views

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Fake installers for popular artificial intelligence AI tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and LuckyGh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/29 1:16 p.m.42 views

New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers

Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS Disk Operating System and PE Portable Executable headers are essential parts of a Windows PE file, providing...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/29 10:34 a.m.20 views

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's MSP SimpleHelp remote monitoring and management RMM tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a tri...

9.9CVSS7.4AI score0.95151EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/05/29 5:59 a.m.7 views

Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control C2. The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromise...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/29 5:34 a.m.32 views

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files. TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to all...

10CVSS8AI score0.05128EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/05/28 5:20 p.m.7 views

Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore

An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad aka Sina Ghaaf, 37, and his co-conspirators are said to have breached the computer networks of various organizations in...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/28 4:1 p.m.13 views

Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack

The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China PRC of targeting its Ministry of Foreign Affairs. In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/28 1:41 p.m.26 views

Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File

Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool. "This stems from overly broad OAuth...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/28 12:30 p.m.62 views

New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto

Embedded Linux-based Internet of Things IoT devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. "Rather than...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/28 11:25 a.m.17 views

From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign

Stealer malware no longer just steals passwords. In 2025, it steals live sessions—and attackers are moving faster and more efficiently than ever. While many associate account takeovers with personal services, the real threat is unfolding in the enterprise. Flare's latest research, The Account and...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/28 11:0 a.m.40 views

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System CMS to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The...

10CVSS10AI score0.99999EPSS
Exploits493
The Hacker News
The Hacker News
added 2025/05/28 9:32 a.m.22 views

How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds

Would you expect an end user to log on to a cybercriminal's computer, open their browser, and type in their usernames and passwords? Hopefully not! But that's essentially what happens if they fall victim to a Browser-in-the-Middle BitM attack. Like Man-in-the-Middle MitM attacks, BiTM sees...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/28 9:23 a.m.35 views

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct "exposure points" earlier this month. The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and...

9.8CVSS8.1AI score0.99999EPSS
Exploits277
The Hacker News
The Hacker News
added 2025/05/28 6:11 a.m.7 views

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 4:23 p.m.20 views

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. The attacks, designed to mine for Dero currency, is notable for its worm-like capabilities to propagate the malware to other exposed Docker instances and...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 2:10 p.m.20 views

Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT. The campaign indicates a "clear intent to target individuals for financial gain by...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 11:51 a.m.29 views

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard aka Laundry Bear that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 11:0 a.m.12 views

AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale

Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot's code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑human identities NHI...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 9:52 a.m.13 views

Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers

Threat hunters have exposed a novel campaign that makes use of search engine optimization SEO poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 7:11 a.m.15 views

Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth's Stealth Phishing Campaign

The U.S. Federal Bureau of Investigation FBI has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years. The campaign leverages "information technology IT themed social engineering calls, and callback phishing...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/27 6:54 a.m.33 views

Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents

The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload. The attack chain is a departure from the threat actor's previously documented use of an HTML Application .HTA load...

7.1AI score
Exploits0
Total number of security vulnerabilities20919