The Hacker News20h
AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks
Hackers deliver AsyncRAT using Dropbox URLs and TryCloudflare tunnels, exploiting legitimate services to bypass security ...
The Hacker News15h
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
Seqrite Labs said it observed some level of tactical overlaps between the threat actor and YoroTrooper (aka SturgeonPhisher), ...
The Hacker News17h
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
"A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute ...
The Hacker News15h
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
Lazarus Group targets job seekers via fake LinkedIn offers, delivering malware that steals crypto wallet data.
The Hacker News17h
Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
Microsoft 365 tenants faced ATO attempts by late 2024, with attackers using HTTP clients like Axios and Node Fetch.
The Hacker News19h
Navigating the Future: Key IT Vulnerability Management Trends
24% of companies ran 4+ vulnerability scans in 2024, up from 15% in 2023, showing a shift to continuous monitoring.
The Hacker News1d
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
CISA adds four exploited vulnerabilities to its KEV catalog, urging fixes by Feb 25, 2025, to counter active threats ...
The Hacker News2d
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
CVEs exploited in 2024, a 20% rise from 2023. 23.6% were weaponized on disclosure day, with 400,000 systems at risk.
The Hacker News1d
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
Contagious Interview, first uncovered in late 2023, is a persistent effort undertaken by the hacking crew to deliver malware ...
The Hacker News2d
Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
Microsoft patched a critical SSRF flaw in Power Platform's SharePoint connector, risking credential theft and data breaches ...
The Hacker News2d
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
Microsoft fixes CVE-2025-21415 (CVSS 9.9) and CVE-2025-21396 flaws, addressing privilege escalation risks in Azure AI Face ...
The Hacker News1d
Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
The popularity of DeepSeek has also led to it being targeted by "large-scale malicious attacks," with NSFOCUS revealing that ...