Lucene search
+L

20921 matches found

The Hacker News
The Hacker News
added 2025/05/15 10:5 a.m.38 views

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting XSS vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET. The activity, which...

5.3CVSS8AI score0.84456EPSS
Exploits5
The Hacker News
The Hacker News
added 2025/05/15 10:0 a.m.31 views

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. "This campaign employs clever Unicode-based steganography to hide its initia...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/14 5:57 p.m.52 views

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 CVSS score: 9.8, has been described as a path traversal flaw. "Improper limitation of a pathname to a restricte...

9.8CVSS9.5AI score0.91941EPSS
Exploits7
The Hacker News
The Hacker News
added 2025/05/14 5:50 p.m.37 views

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as CVE-2025-31324, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update publishe...

10CVSS9.4AI score0.99406EPSS
Exploits23
The Hacker News
The Hacker News
added 2025/05/14 3:27 p.m.26 views

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee. According to a report published by blockchain analytics firm Elliptic, merchant...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/14 2:5 p.m.18 views

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

A new global phishing threat called "Meta Mirage" has been uncovered, targeting businesses using Meta's Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed tha...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/14 11:11 a.m.32 views

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity fir...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/14 10:54 a.m.21 views

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon's recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/14 10:40 a.m.43 views

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is "using crafted emails that impersonate invoice...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/14 8:14 a.m.59 views

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rate...

10CVSS8.4AI score0.27561EPSS
Exploits19
The Hacker News
The Hacker News
added 2025/05/14 4:21 a.m.37 views

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability CWE-121 in FortiVoice,...

9.8CVSS10AI score0.31974EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/05/14 4:0 a.m.26 views

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile EPMM software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 CVSS score: 5.3 - An authentication bypass in Ivanti Endpoi...

9.8CVSS8AI score0.99899EPSS
Exploits10
The Hacker News
The Hacker News
added 2025/05/13 3:13 p.m.44 views

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution RCE,"...

10CVSS10AI score0.99406EPSS
Exploits19
The Hacker News
The Hacker News
added 2025/05/13 2:47 p.m.30 views

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/13 11:0 a.m.17 views

Deepfake Defense in the Age of AI

The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models LLMs to impersonate trusted individuals and automate these social engineering tactics at scale. Let's review the status of these rising attacks, what's fueling...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/13 10:57 a.m.36 views

North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on th...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/13 6:33 a.m.14 views

Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency

Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. "He is wanted internationally for committing several cybercrimes ransomware attacks, blackmail, and money laundering against...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/13 5:8 a.m.20 views

Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the...

9.8CVSS6.3AI score0.01782EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/05/12 2:3 p.m.27 views

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that's designed to automatically detect the motherboard model of a...

9.4CVSS8.4AI score0.00815EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/05/12 12:10 p.m.64 views

⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

What do a source code editor, a smart billboard, and a web server have in common? They've all become launchpads for attacks—because cybercriminals are rethinking what counts as "infrastructure." Instead of chasing high-value targets directly, threat actors are now quietly taking over the...

10CVSS8.7AI score0.79475EPSS
Exploits17
The Hacker News
The Hacker News
added 2025/05/12 11:0 a.m.11 views

The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That

Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/12 7:26 a.m.41 views

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

Threat actors have been observed leveraging fake artificial intelligence AI-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. "Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms ...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/10 6:54 a.m.17 views

Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection

Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users' personal location and maintaining their facial recognition data without consent. The $1.375 billion payment dwarfs the fines the tech giant has paid to settle...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/10 6:47 a.m.18 views

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

Germany's Federal Criminal Police Office aka Bundeskriminalamt or BKA has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform. The operation was carried out on April 30, 2025,...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/09 4:28 p.m.19 views

BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation

A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that's powered by thousands of infected Internet of Things IoT and end-of-life EoL devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/09 4:25 p.m.33 views

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said t...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/09 11:40 a.m.33 views

Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials

Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management RMM software since January 2025. "The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entic...

7.8CVSS8.1AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2025/05/09 11:11 a.m.16 views

Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business

AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/09 10:57 a.m.50 views

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence AI-powered source code editor. "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/09 10:57 a.m.23 views

Beyond Vulnerability Management – Can You CVE What I CVE?

The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center VOC dataset analysis identified 1,337,797...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/09 7:13 a.m.14 views

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Google on Thursday announced it's rolling out new artificial intelligence AI-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model LLM, to improve Safe Browsing in Chrome 137 on desktops...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/09 4:29 a.m.30 views

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

A China-linked unnamed threat actor dubbed Chaya004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing...

10CVSS9.9AI score0.99406EPSS
Exploits18
The Hacker News
The Hacker News
added 2025/05/08 3:23 p.m.26 views

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/08 2:0 p.m.24 views

Security Tools Alone Don't Protect You — Control Effectiveness Does

61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/08 1:56 p.m.53 views

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access SMA appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below - CVE-2025-32819 CVSS score: 8.8 - A vulnerability in SMA100 allows a remote...

9.1CVSS10AI score0.99957EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/05/08 1:47 p.m.14 views

Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/08 10:32 a.m.37 views

MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware

The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use o...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/08 6:57 a.m.16 views

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. "LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/08 4:57 a.m.47 views

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188 , has been rated 10.0 on the CVSS...

10CVSS9.8AI score0.17894EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/05/07 1:54 p.m.22 views

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Europol has announced the takedown of distributed denial of service DDoS-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals aged between 19 and 22 and the United States has...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/07 1:44 p.m.36 views

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

A second security flaw impacting the OttoKit formerly SureTriggers WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 CVSS score: 9.8, is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.8...

9.8CVSS9.6AI score0.7568EPSS
Exploits10
The Hacker News
The Hacker News
added 2025/05/07 11:31 a.m.41 views

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and...

9.8CVSS10AI score0.98851EPSS
Exploits7
The Hacker News
The Hacker News
added 2025/05/07 10:56 a.m.13 views

Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection

Security Service Edge SSE platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem: they stop short of where the most sensitiv...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/07 10:44 a.m.40 views

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged...

7.8CVSS8.3AI score0.13475EPSS
Exploits4
The Hacker News
The Hacker News
added 2025/05/07 7:37 a.m.17 views

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Cybersecurity researchers have discovered a malicious package on the Python Package Index PyPI repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21,...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/07 6:22 a.m.16 views

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting...

9.8CVSS9.1AI score0.39166EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/05/06 3:33 p.m.38 views

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life EoL Internet of Things IoT devices to corral them into a Mirai botnet for conducting distributed denial-of-service DDoS attacks. The activity, first observed by the Akamai Security Intelligence and Respon...

9.8CVSS10AI score0.92887EPSS
Exploits12
The Hacker News
The Hacker News
added 2025/05/06 1:36 p.m.15 views

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems TDSes. The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/06 11:25 a.m.11 views

Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches

It wasn't ransomware headlines or zero-day exploits that stood out most in this year's Verizon 2025 Data Breach Investigations Report DBIR — it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/06 11:5 a.m.14 views

Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data. "While these 'plug-and-play' options greatly simplify the setup process, they often prioritize ease of use over...

7.8AI score
Exploits0
Total number of security vulnerabilities20921