Lucene search
+L

20926 matches found

The Hacker News
The Hacker News
added 2025/04/04 10:57 a.m.10 views

Have We Reached a Distroless Tipping Point?

There's a virtuous cycle in technology that pushes the boundaries of what's being built and how it's being used. A new technology development emerges and captures the world's attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/04 6:7 a.m.30 views

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure product that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 CVSS score: 9.0, concerns a case of a stack-based buffer overflow that could be...

9.9CVSS9.2AI score0.99999EPSS
Exploits23
The Hacker News
The Hacker News
added 2025/04/04 6:6 a.m.10 views

OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers

A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting BPH provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect.com hosted...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/04 4:54 a.m.15 views

CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware

The Computer Emergency Response Team of Ukraine CERT-UA has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data. The campaign, the agency said, involved the use o...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/04 3:38 a.m.64 views

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances. Apache Parquet is a free and open-source columnar data file format that's designed for...

10CVSS8.2AI score0.99945EPSS
Exploits56
The Hacker News
The Hacker News
added 2025/04/03 5:39 p.m.22 views

Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware

Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hostin...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/03 12:22 p.m.26 views

Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware

The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/03 11:25 a.m.9 views

AI Threats Are Evolving Fast — Learn Practical Defense Tactics in this Expert Webinar

The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They're moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here's the harsh truth: If...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/03 10:34 a.m.13 views

AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock

AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/03 8:21 a.m.29 views

Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent

Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service DoS or send arbitrary files to a target's device without their approval. The flaw, tracked as...

7.1CVSS7.8AI score0.0039EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/04/03 7:34 a.m.18 views

Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices

Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. "More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspers...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/03 4:45 a.m.18 views

Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign

Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface API from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers,...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/03 3:58 a.m.17 views

Europol Dismantles Kidflix With 72,000 CSAM Videos Seized in Major Operation

In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material CSAM. "A total of 1.8 million users worldwide logged on to the platform between April 2022 and March 2025," Europol said in a statement...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/02 1:48 p.m.24 views

Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform GCP Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity t...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/02 11:25 a.m.21 views

Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers

Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology NIST offers a comprehensive set of frameworks that provide...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/02 10:43 a.m.45 views

Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw aka Dota that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation ...

7.8CVSS7.8AI score0.83524EPSS
Exploits96
The Hacker News
The Hacker News
added 2025/04/02 10:0 a.m.21 views

How SSL Misconfigurations Impact Your Attack Surface

When assessing an organization's external attack surface, encryption-related issues especially SSL misconfigurations receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/02 6:52 a.m.14 views

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis not to be confused with an Android banking trojan of the same name that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/02 5:55 a.m.22 views

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of...

8.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/01 5:8 p.m.15 views

Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a...

8.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/01 3:34 p.m.12 views

Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted E2EE to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/01 2:18 p.m.14 views

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

A new sophisticated phishing-as-a-service PhaaS platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services RCS for Android. Lucid's unique selling point lies in its weaponizing of legitimate communication...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/01 11:28 a.m.24 views

Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices

Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 CVSS score: 7.3 - A use-after-free bug in the Core Medi...

8.8CVSS6.9AI score0.18668EPSS
Exploits6
The Hacker News
The Hacker News
added 2025/04/01 11:17 a.m.14 views

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/01 11:3 a.m.25 views

China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific APAC and Latin American LATAM regions. "Th...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/01 11:3 a.m.16 views

Case Study: Are CSRF Tokens Sufficient in Preventing CSRF Attacks?

Explore how relying on CSRF tokens as a security measure against CSRF attacks is a recommended best practice, but in some cases, they are simply not enough. Introduction As per the Open Web Application Security Project OWASP, CSRF vulnerabilities are recognized as a significant threat and are...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/01 5:47 a.m.8 views

Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices

Apple has been hit with a fine of €150 million $162 million by France's competition watchdog over the implementation of its App Tracking Transparency ATT privacy framework. The Autorité de la concurrence said it's imposing a financial penalty against Apple for abusing its dominant position as a...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/31 4:41 p.m.31 views

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is...

7CVSS7.5AI score0.31894EPSS
Exploits7
The Hacker News
The Hacker News
added 2025/03/31 1:56 p.m.28 views

⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind...

5.3CVSS8.7AI score0.99098EPSS
Exploits52
The Hacker News
The Hacker News
added 2025/03/31 12:4 p.m.56 views

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory...

10CVSS8.9AI score0.93971EPSS
Exploits19
The Hacker News
The Hacker News
added 2025/03/31 11:25 a.m.40 views

⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More

Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind...

10CVSS9.4AI score0.99098EPSS
Exploits52
The Hacker News
The Hacker News
added 2025/03/31 11:0 a.m.20 views

5 Impactful AWS Vulnerabilities You're Responsible For

If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer's responsibility. Think of AWS security like protecting a building: AWS provides strong...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/31 9:30 a.m.25 views

Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/30 5:7 a.m.47 views

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

The U.S. Cybersecurity and Infrastructure Security Agency CISA has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure ICS appliances. "RESURGE contains capabilities of the SPAWNCHIMERA...

9CVSS9.3AI score0.99971EPSS
Exploits13
The Hacker News
The Hacker News
added 2025/03/29 7:28 a.m.26 views

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remot...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/29 3:52 a.m.31 views

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability i...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/28 1:21 p.m.20 views

Researchers Uncover 46 Critical Flaws in Solar Power Systems From Sungrow, Growatt, and SMA

Cybersecurity researchers have disclosed 46 new security flaws in products from three solar power system vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities ha...

9.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/28 11:57 a.m.27 views

CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection

Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/28 10:15 a.m.17 views

Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity

Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/28 8:6 a.m.15 views

PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps

An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/28 6:6 a.m.19 views

Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/28 5:44 a.m.40 views

Mozilla Patches Critical Firefox Bug Similar to Chrome's Recent Zero-Day Vulnerability

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an...

8.3CVSS8.6AI score0.08404EPSS
Exploits6
The Hacker News
The Hacker News
added 2025/03/27 4:58 p.m.23 views

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records

Cybersecurity researchers have shed light on a new phishing-as-a-service PhaaS platform that leverages the Domain Name System DNS mail exchange MX records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishi...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/27 2:10 p.m.9 views

Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response EDR software on compromised hosts, according to ESET...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/27 12:31 p.m.22 views

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

An advanced persistent threat APT group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/27 11:25 a.m.14 views

New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/27 10:0 a.m.26 views

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim's system. Here are the top three Microsoft...

7.8CVSS7.9AI score0.99945EPSS
Exploits95
The Hacker News
The Hacker News
added 2025/03/27 8:13 a.m.47 views

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms

An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. "The threat actor has slightly revamped their interface but is still relying on an iframe...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/27 6:23 a.m.38 views

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform XP to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...

9.8CVSS8.9AI score0.99993EPSS
Exploits69
The Hacker News
The Hacker News
added 2025/03/27 6:6 a.m.22 views

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual machines, and file systems, offering the...

9.9CVSS6.7AI score0.00645EPSS
Exploits0
Total number of security vulnerabilities20926