§Source · The Hacker News
The Hacker News
Every dispatch we have aggregated from The Hacker News.
All dispatches
Loading
§Source · The Hacker News
Every dispatch we have aggregated from The Hacker News.
All dispatchesFour @asyncapi npm packages were compromised to distribute a multi-stage botnet loader with credential-stealing payloads.
Forg365 phishing-as-a-service uses device-code phishing, AitM, AI lures, and mailbox operations to compromise Microsoft 365 accounts for customers.
Directory listing on misconfigured server exposed three Evilginx phishing operations that bypass MFA to target Microsoft 365 users.
Novel OAuth client ID spoofing enables attackers to validate stolen Microsoft Entra credentials and enumerate accounts while evading telemetry.
Critical stored XSS in Zimbra Classic Web Client could execute crafted-email scripts and enable arbitrary code or session compromise.
Compromise of Injective Labs' GitHub published @injectivelabs/[email protected] npm package that exfiltrates crypto wallet keys and seeds.
Six U-Boot vulnerabilities allow device crashes and potential pre-boot code execution, risking persistent firmware compromise.
Ill Bloom wallet flaw in weak entropy for recovery phrases was exploited to drain over $5M from wallets.
Malicious jscrambler npm v8.14.0 runs a preinstall hook that drops a cross-platform Rust infostealer during package install.
AI Now Institute's 'Friendly Fire' shows autonomous AI coding agents can be tricked into executing attacker code during self-approved scans.
Wiz-discovered GhostApproval symlink flaw lets six AI coding assistants run attacker-controlled code by tricking file approvals.
Cisco Talos finds China-linked UAT-7810 expanding its ORB proxy network using new LONGLEASH malware targeting network devices.
GigaWiper backdoor combines disk-wiping, overwriting, and fake ransomware behaviors to deliver destructive Windows intrusions.
Researchers detail GodDamn ransomware's use of a signed PoisonX kernel driver to disable security tools and evade detection.
WriteOut session isolation bug in Writer AI could leak session tokens across tenants enabling full account takeover.
Iran-linked Cavern (Cav3rn) modular C2 framework used to target Israeli IT providers and government for espionage and lateral access.
RedWing Android malware rented on Telegram enables bank fraud, stealing credentials and OTPs via device takeover.
Get these articles delivered to your inbox.
Subscribe free