The Hacker News18h
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
Lazarus Group's CookiePlus malware targets nuclear engineers, showcasing DPRK's evolving arsenal and $1.34B in 2024 crypto ...
The Hacker News19h
HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft
Phishers exploit HubSpot Free Forms to target 20,000 European users, compromising Azure accounts and bypassing security ...
The Hacker News20h
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a ...
The Hacker News21h
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
The security vendor said CVE-2024-12727 impacts about 0.05% of devices, whereas CVE-2024-12728 affects approximately 0.5% of ...
The Hacker News22h
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
Fortinet EMS flaw (CVE-2023-48788, CVSS 9.3) exploited globally, dropping remote access tools and stealing credentials.
The Hacker News1d
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords
Default passwords on Juniper SSR devices exploited by Mirai botnet malware for DDoS attacks. Update credentials and audit ...
The Hacker News1d
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
CISA lists CVE-2024-12356, a critical BeyondTrust flaw, as actively exploited. Update on-prem systems to patch ...
The Hacker News1d
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App
UAC-0125 uses Cloudflare Workers to distribute fake Army+ malware, targeting Ukraine's military for remote access ...
The Hacker News1d
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
Fortinet patches critical flaws in FortiWLM and FortiManager. CVE-2023-34990 risks sensitive data, while CVE-2024-48889 ...
The Hacker News1d
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Fake npm packages @typescript_eslinter/eslint and types-node exploit typosquatting to drop trojans, risking software supply ...
The Hacker News1d
INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse
INTERPOL is calling for a linguistic shift that aims to put to an end to the term " pig butchering ," instead advocating for ...
The Hacker News1d
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
CISA's new directive mandates federal agencies secure cloud environments by 2025, introducing SCuBA tools for monitoring and ...