The Hacker News1h
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
LockBit's developer charged for enabling global ransomware attacks netting $500M; U.S. leads extradition effort.
The Hacker News1h
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a ...
The Hacker News1h
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
CVE-2024-53677: Critical 9.5 CVSS Apache Struts flaw enables remote code execution; patch now in version 6.4.0.
The Hacker News1d
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
The security vendor said CVE-2024-12727 impacts about 0.05% of devices, whereas CVE-2024-12728 affects approximately 0.5% of ...
The Hacker News1d
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
CISA lists CVE-2024-12356, a critical BeyondTrust flaw, as actively exploited. Update on-prem systems to patch ...
The Hacker News1d
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
Fortinet EMS flaw (CVE-2023-48788, CVSS 9.3) exploited globally, dropping remote access tools and stealing credentials.
The Hacker News1d
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
Lazarus Group's CookiePlus malware targets nuclear engineers, showcasing DPRK's evolving arsenal and $1.34B in 2024 crypto ...
The Hacker News1d
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Fake npm packages @typescript_eslinter/eslint and types-node exploit typosquatting to drop trojans, risking software supply ...
The Hacker News1d
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
Fortinet patches critical flaws in FortiWLM and FortiManager. CVE-2023-34990 risks sensitive data, while CVE-2024-48889 ...
The Hacker News1d
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords
Default passwords on Juniper SSR devices exploited by Mirai botnet malware for DDoS attacks. Update credentials and audit ...
The Hacker News1d
HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft
Phishers exploit HubSpot Free Forms to target 20,000 European users, compromising Azure accounts and bypassing security ...
The Hacker News2d
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
CISA's new directive mandates federal agencies secure cloud environments by 2025, introducing SCuBA tools for monitoring and ...