Lucene search
+L

20923 matches found

The Hacker News
The Hacker News
added 2025/04/25 8:43 a.m.40 views

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure ICS. The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time,...

9.8CVSS7.9AI score0.99979EPSS
Exploits20
The Hacker News
The Hacker News
added 2025/04/24 2:11 p.m.35 views

Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware

At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to ...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/24 12:58 p.m.63 views

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Cybersecurity researchers have demonstrated a proof-of-concept PoC rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called iouring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allo...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/24 12:56 p.m.21 views

Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign

The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology OT environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/24 12:55 p.m.15 views

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure

As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/24 11:27 a.m.24 views

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

The threat actors behind the Darcula phishing-as-a-service PhaaS platform have released new updates to their cybercrime suite with generative artificial intelligence GenAI capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/24 10:0 a.m.30 views

Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely

A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028 , carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been...

10CVSS8.8AI score0.97292EPSS
Exploits5
The Hacker News
The Hacker News
added 2025/04/24 4:3 a.m.21 views

WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads

WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outside...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/23 5:9 p.m.20 views

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Multiple threat activity clusters with ties to North Korea aka Democratic People's Republic of Korea or DPRK have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivate...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/23 1:8 p.m.49 views

Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign

The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/23 12:22 p.m.32 views

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/23 11:0 a.m.15 views

Three Reasons Why the Browser is Best for Stopping Phishing Attacks

Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. --- Attackers are increasingly leveraging identity-based techniques over...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/23 10:49 a.m.35 views

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp

Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/23 7:17 a.m.26 views

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package:...

9.3CVSS6.6AI score0.00868EPSS
Exploits2
The Hacker News
The Hacker News
added 2025/04/23 5:19 a.m.23 views

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/22 4:46 p.m.37 views

Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals

Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners...

6.9CVSS8AI score0.98084EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/04/22 2:6 p.m.20 views

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform GCP that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow. "This vulnerability lets attackers with edit...

8.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/22 11:0 a.m.20 views

5 Major Concerns With Employees Using The Browser

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware's recent State of Browser Security report...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/22 10:50 a.m.47 views

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials

In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to no...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/22 7:38 a.m.32 views

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft on Monday announced that it has moved the Microsoft Account MSA signing service to Azure confidential virtual machines VMs and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/22 4:29 a.m.50 views

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a...

8.8CVSS9AI score0.99966EPSS
Exploits51
The Hacker News
The Hacker News
added 2025/04/21 4:42 p.m.63 views

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the...

9.8CVSS8.5AI score0.99999EPSS
Exploits155
The Hacker News
The Hacker News
added 2025/04/21 3:13 p.m.21 views

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

A new Android malware-as-a-service MaaS platform named SuperCard X can facilitate near-field communication NFC relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/21 11:25 a.m.22 views

5 Reasons Device Management Isn't Device Trust​

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, we'll...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/21 10:10 a.m.54 views

⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that's exactly what we saw in last week's activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flag...

9.2CVSS9.4AI score0.97859EPSS
Exploits63
The Hacker News
The Hacker News
added 2025/04/21 7:1 a.m.54 views

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organization...

9.8CVSS8.2AI score0.98417EPSS
Exploits31
The Hacker News
The Hacker News
added 2025/04/20 4:58 a.m.37 views

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures

The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/19 3:11 p.m.22 views

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils 132 downloads node-telegram-bots-api...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/19 8:52 a.m.29 views

ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware

ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492 , has a CVSS score of 9.2 out of a maximum of 10.0. "An improper...

9.2CVSS7.8AI score0.01017EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/04/18 3:15 p.m.18 views

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/18 12:3 p.m.64 views

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo...

7.8CVSS7.6AI score0.73381EPSS
Exploits11
The Hacker News
The Hacker News
added 2025/04/18 9:45 a.m.15 views

[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach

Your employees didn't mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is. If this sounds familiar, you're not alone. Most security...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/18 7:10 a.m.19 views

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service DDoS malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/18 4:29 a.m.197 views

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier...

6.5CVSS7.4AI score0.81817EPSS
Exploits20
The Hacker News
The Hacker News
added 2025/04/17 3:22 p.m.38 views

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. Thi...

9.1CVSS9.5AI score0.99999EPSS
Exploits23
The Hacker News
The Hacker News
added 2025/04/17 11:32 a.m.29 views

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/17 11:26 a.m.22 views

Artificial Intelligence – What's all the fuss?

Talking about AI: Definitions Artificial Intelligence AI — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/17 10:32 a.m.29 views

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform OTP SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433 , has been given the maximum CVSS...

10CVSS9.9AI score0.97859EPSS
Exploits36
The Hacker News
The Hacker News
added 2025/04/17 10:30 a.m.20 views

Blockchain Offers Security Benefits – But Don't Neglect Your Passwords

Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/17 8:57 a.m.27 views

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing ...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/17 5:44 a.m.22 views

CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a security flaw impacting SonicWall Secure Mobile Access SMA 100 Series gateways to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked...

6.5CVSS7.1AI score0.0389EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/04/17 3:33 a.m.43 views

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 CVSS score: 7.5 - A memory corruption...

8.8CVSS8.2AI score0.21922EPSS
Exploits12
The Hacker News
The Hacker News
added 2025/04/16 4:18 p.m.33 views

New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered ...

7.8CVSS8.3AI score0.00481EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 12:48 p.m.18 views

Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and block...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 11:44 a.m.44 views

Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins

Threat actors are leveraging an artificial intelligence AI powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 11:26 a.m.13 views

From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains

Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 10:37 a.m.26 views

New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks

Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. "The controller could open a...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 10:30 a.m.16 views

Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 7:34 a.m.39 views

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 5:6 a.m.18 views

U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert

The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures CVE program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-o...

7.2AI score
Exploits0
Total number of security vulnerabilities20923