Lucene search
+L

20926 matches found

The Hacker News
The Hacker News
added 2025/04/16 10:30 a.m.16 views

Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 7:34 a.m.39 views

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/16 5:6 a.m.18 views

U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert

The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures CVE program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-o...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/15 2:6 p.m.97 views

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for...

9.8CVSS8.8AI score0.99979EPSS
Exploits23
The Hacker News
The Hacker News
added 2025/04/15 1:44 p.m.42 views

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859 , carries a CVSS score of...

10CVSS8.4AI score0.99945EPSS
Exploits56
The Hacker News
The Hacker News
added 2025/04/15 1:25 p.m.21 views

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people don't know is that browser extensions' excessive permissions are a growing risk to organizations. LayerX today announced the release of the...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/15 1:20 p.m.18 views

Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index PyPI repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extensio...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/15 9:10 a.m.19 views

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 t...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/15 4:39 a.m.31 views

Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 CVSS score: 9.0, the vulnerability refers to the use of a hard-cod...

9.8CVSS9.8AI score0.93842EPSS
Exploits6
The Hacker News
The Hacker News
added 2025/04/15 4:10 a.m.12 views

Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

Meta has announced that it will begin to train its artificial intelligence AI models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/14 4:9 p.m.33 views

ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients int...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/14 1:24 p.m.18 views

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validatio...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/14 11:19 a.m.66 views

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Attackers aren't waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week's events show a hard truth: it's not enough to react afte...

9.5CVSS8.3AI score0.93842EPSS
Exploits30
The Hacker News
The Hacker News
added 2025/04/14 10:30 a.m.24 views

Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind

AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alert...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/14 6:55 a.m.35 views

Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities und...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/11 5:55 p.m.46 views

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not...

9.8CVSS10AI score0.99474EPSS
Exploits29
The Hacker News
The Hacker News
added 2025/04/11 1:9 p.m.21 views

Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors

The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/11 10:30 a.m.15 views

Initial Access Brokers Shift Tactics, Selling More for Less

What are IABs? Initial Access Brokers IABs specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like soci...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/11 8:53 a.m.20 views

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways

Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat hunters warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/11 8:13 a.m.27 views

SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps

Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/11 4:58 a.m.40 views

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

A newly disclosed high-severity security flaw impacting OttoKit formerly SureTriggers has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 CVSS score: 8.1, is an authorization bypass bug that could permit an attacker to create...

8.1CVSS8.2AI score0.7568EPSS
Exploits8
The Hacker News
The Hacker News
added 2025/04/10 2:13 p.m.18 views

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 CVSS score: 9.0 is a Time-of-Check...

9CVSS8.3AI score0.37055EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/04/10 12:58 p.m.16 views

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and execute malicious code in what's seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/10 11:25 a.m.24 views

PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party

Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/10 11:0 a.m.20 views

The Identities Behind AI Agents: A Deep Dive Into AI & NHI

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/10 10:53 a.m.21 views

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine

The Russia-linked threat actor known as Gamaredon aka Shuckworm has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/10 9:55 a.m.15 views

Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence

Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals. "In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as 'Superstar,' faced consequenc...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/10 7:15 a.m.17 views

AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections

Cybersecurity researchers have disclosed details of an artificial intelligence AI powered platform called AkiraBot that's used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization SEO services such as Akira and ServicewrapGO. "AkiraBot has...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/09 2:28 p.m.44 views

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages

Lovable, a generative artificial intelligence AI powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/09 11:38 a.m.64 views

New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously unseen in ToddyCat attacks, TCESB is designed to stealthily execute payloads ...

6.8CVSS7.2AI score0.58132EPSS
Exploits17
The Hacker News
The Hacker News
added 2025/04/09 10:30 a.m.18 views

Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots

GitGuardian's State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities NHIs, which have been outnumbering human users for years. We need to get ahead of it and prepare security...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/09 8:4 a.m.63 views

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System CLFS was exploited as a zero-day in ransomware attacks aimed at a small number of targets. "The targets include organizations in the information technology IT and real estate sectors of the United...

7.8CVSS8.5AI score0.48973EPSS
Exploits13
The Hacker News
The Hacker News
added 2025/04/09 8:0 a.m.27 views

CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 CVSS score:...

9CVSS7.7AI score0.93842EPSS
Exploits6
The Hacker News
The Hacker News
added 2025/04/09 7:6 a.m.40 views

Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability

Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in...

8.1CVSS8.5AI score0.48973EPSS
Exploits23
The Hacker News
The Hacker News
added 2025/04/09 3:12 a.m.33 views

Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered

Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity -...

9.1CVSS9.2AI score0.26691EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/04/08 5:53 p.m.30 views

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887 , carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change...

9.8CVSS7.7AI score0.14833EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/04/08 4:56 p.m.25 views

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal

Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager SSM Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create...

8.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/08 4:7 p.m.13 views

Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the mai...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/08 11:0 a.m.20 views

Agentic AI in the SOC - Dawn of Autonomous Alert Triage

Security Operations Centers SOCs today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/08 10:12 a.m.66 views

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

The Computer Emergency Response Team of Ukraine CERT-UA has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/08 8:11 a.m.21 views

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency CISA to its Known Exploited Vulnerabilities KEV catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authenticatio...

9.8CVSS7.9AI score0.99947EPSS
Exploits24
The Hacker News
The Hacker News
added 2025/04/08 4:5 a.m.27 views

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-53150 CVSS score: 7.8 - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure...

7.8CVSS7.8AI score0.03558EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/04/07 1:40 p.m.18 views

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks

Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control C2 channel. "'Fast flux' is a technique used to...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/07 11:25 a.m.69 views

⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Surge and More

Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps — but in job offers, hardware, and cloud services we rely on every day. Hackers don't need sophisticated...

10CVSS9.3AI score0.99979EPSS
Exploits29
The Hacker News
The Hacker News
added 2025/04/07 11:0 a.m.14 views

Security Theater: Vanity Metrics Keep You Busy - and Exposed

After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, I've learned that looking busy isn't the same as being secure. It's an easy trap for busy cybersecurity leaders to fall into. We rely on metrics that tell a story of...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/07 7:29 a.m.24 views

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management CRM tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims' digital wallets. "Recipients of the bulk sp...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/05 3:50 p.m.52 views

Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws

A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive...

7.8CVSS8.5AI score0.31894EPSS
Exploits28
The Hacker News
The Hacker News
added 2025/04/05 2:23 p.m.35 views

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan RAT loader. "These latest samples employ hexadecimal...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/05 8:38 a.m.48 views

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Cybersecurity researchers have uncovered malicious libraries in the Python Package Index PyPI repository that are designed to steal sensitive information and test stolen credit card data. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/04 12:28 p.m.14 views

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token PAT related to SpotBugs. "The attackers obtained initial acce...

7.2AI score
Exploits0
Total number of security vulnerabilities20926