Lucene search
+L

20926 matches found

The Hacker News
The Hacker News
added 2025/03/18 10:1 a.m.20 views

BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse

At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV,...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/18 7:0 a.m.22 views

Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets

Microsoft is calling attention to a novel remote access trojan RAT named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to "steal information from the...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/17 5:8 p.m.45 views

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept PoC a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813 , affects the below versions - Apache Tomcat...

9.8CVSS9.1AI score0.99945EPSS
Exploits47
The Hacker News
The Hacker News
added 2025/03/17 1:12 p.m.36 views

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 CVSS v4 score: 9.3, a critical operating system command injection flaw that a...

9.3CVSS9.1AI score0.7227EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/03/17 11:52 a.m.33 views

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions

Malicious actors are exploiting Cascading Style Sheets CSS, which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/17 11:25 a.m.65 views

⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new...

10CVSS9.3AI score0.99999EPSS
Exploits94
The Hacker News
The Hacker News
added 2025/03/17 11:0 a.m.30 views

SANS Institute Warns of Novel Cloud-Native Ransomware Attacks

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/17 10:11 a.m.29 views

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery CI/CD workflow. The incident involved the tj-actions/changed-files...

9.8CVSS8.9AI score0.41008EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/03/15 5:55 a.m.34 views

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index PyPI repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/14 3:7 p.m.12 views

Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges

A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/14 2:52 p.m.14 views

GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

The GSM Association GSMA has formally announced support for end-to-end encryption E2EE for securing messages sent via the Rich Communications Services RCS protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/14 11:25 a.m.19 views

Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom

Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea's Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a liv...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/14 11:0 a.m.17 views

Why Most Microsegmentation Projects Fail—And How Andelyn Biosciences Got It Right

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn't have to be that way. Microsegmentation: The Missing Piece in Zero Trust Security Security teams today are under constant pressure to defend...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/14 6:8 a.m.17 views

New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions

Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware as coined by Microsoft that's designed to monitor a victim's clipboard...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/14 5:37 a.m.33 views

OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection

A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned OBSCUREBAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It's currently not known who is...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/13 3:26 p.m.12 views

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Microsoft has shed light on an ongoing phishing campaign that has targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant's...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/13 2:23 p.m.13 views

North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/13 12:26 p.m.35 views

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language SAML authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and...

8.8CVSS9.7AI score0.63792EPSS
Exploits6
The Hacker News
The Hacker News
added 2025/03/13 11:0 a.m.15 views

Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025

As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attac...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/13 7:13 a.m.14 views

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an...

8.1CVSS8.2AI score0.26049EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/03/13 7:8 a.m.8 views

WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback

Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/12 2:8 p.m.38 views

Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits

The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX Series routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. "The backdoors had varying...

6.7CVSS5.7AI score0.01657EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/03/12 11:56 a.m.34 views

Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack

Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery SSRF vulnerabilities spanning multiple platforms. "At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack...

9.8CVSS7.7AI score0.99999EPSS
Exploits17
The Hacker News
The Hacker News
added 2025/03/12 10:25 a.m.14 views

Pentesters: Is AI Coming for Your Role?

We've been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation , predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/12 9:52 a.m.41 views

URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days

Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity...

7.8CVSS8.2AI score0.66571EPSS
Exploits9
The Hacker News
The Hacker News
added 2025/03/12 4:2 a.m.46 views

Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an...

7.8CVSS6.8AI score0.18668EPSS
Exploits6
The Hacker News
The Hacker News
added 2025/03/11 2:35 p.m.23 views

Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection...

6.5CVSS7.3AI score0.81817EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/03/11 12:30 p.m.42 views

Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution RCE vulnerability in TP-Link Archer routers CVE-2023-1389 to spread itself automatically over the...

8.8CVSS9.1AI score0.99999EPSS
Exploits7
The Hacker News
The Hacker News
added 2025/03/11 11:25 a.m.18 views

Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/11 10:30 a.m.20 views

Steganography Explained: How XWorm Hides Inside Images

Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/11 7:0 a.m.35 views

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat APT group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates,...

7.8CVSS8AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2025/03/11 6:45 a.m.23 views

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297 , has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0...

9.3CVSS8.5AI score0.01777EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/03/11 3:58 a.m.47 views

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager EPM to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is ...

9.9CVSS9AI score0.99987EPSS
Exploits69
The Hacker News
The Hacker News
added 2025/03/10 2:47 p.m.40 views

Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/10 12:50 p.m.17 views

Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links

The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. "The campaign, which leverages social media to distribute malware, is tied to the region's current geopolitical climate," Positive...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/10 11:0 a.m.16 views

Why The Modern Google Workspace Needs Unified Security

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/10 9:46 a.m.50 views

⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact

Cyber threats today don't just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape become...

9.3CVSS7.9AI score0.9408EPSS
Exploits10
The Hacker News
The Hacker News
added 2025/03/10 4:12 a.m.18 views

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools

A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services. Russian cybersecurity company Kaspersky said the activity is part of a larger trend where...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/07 2:15 p.m.32 views

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations

Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker aka Monstrous Mantis, FIN7, FIN8, and Ruthless Mantis ex-REvil. "Ragnar Loader plays a key role in keeping access to...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/07 1:5 p.m.16 views

Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide

Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/07 11:35 a.m.21 views

Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/07 11:0 a.m.18 views

What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey

Access on-demand webinar here Avoid a $100,000/month Compliance Disaster March 31, 2025: The Clock is Ticking. What if a single overlooked script could cost your business $100,000 per month in non-compliance fines? PCI DSS v4 is coming, and businesses handling payment card data must be prepared...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/07 9:51 a.m.16 views

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index PyPI repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/07 9:23 a.m.17 views

U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website

A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex "garantex.org", nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022. "The domain for Garantex has been seized by the Unit...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/07 5:40 a.m.21 views

Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist

SafeWallet has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/07 4:42 a.m.47 views

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution RCE flaw in the PHP-CGI implementation of PHP on Windows, to gai...

9.8CVSS7.2AI score0.99987EPSS
Exploits64
The Hacker News
The Hacker News
added 2025/03/06 12:33 p.m.42 views

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25015 , carries a CVSS score of 9.9 out of a maximum of...

9.9CVSS8.6AI score0.01648EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/03/06 12:15 p.m.18 views

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, ...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/06 12:14 p.m.16 views

Outsmarting Cyber Threats with Attack Graphs

Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/06 12:1 p.m.31 views

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to...

10CVSS9.7AI score0.99959EPSS
Exploits12
Total number of security vulnerabilities20926