The Hacker News52m
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
UEFI vulnerability CVE-2024-7344 allows unsigned code execution in Secure Boot systems. Microsoft revokes binaries; vendors ...
The Hacker News1h
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
Threat actors embed malware like VIP Keylogger in images via phishing emails and Base64 encoding, leveraging .NET loaders and ...
The Hacker News5h
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
Ivanti patches four EPM vulnerabilities (CVSS 9.8) and updates Avalanche and Application Control Engine. No exploitation ...
The Hacker News5h
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
Python backdoor delivers RansomHub ransomware after SocGholish exploits outdated WordPress SEO plugins. Impact: lateral ...
The Hacker News9h
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
Lazarus Group's Operation 99 targets Web3 developers via fake LinkedIn profiles and GitLab repositories, stealing ...
The Hacker News9h
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Malvertising targets Google Ads users, redirecting to phishing sites that steal credentials, budgets, and 2FA codes.
The Hacker News23h
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
Simon Scannell, Pedro Gallegos, and Jasiel Spelman from Google Cloud Vulnerability Research have been credited with ...
The Hacker News20h
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of ...
The Hacker News9h
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
The San Francisco-based company said the issue has the potential to put millions of American users' data at risk simply by ...
The Hacker News20h
Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Sekoia said the HATVIBE attack sequence demonstrates targeting and technical overlaps with APT28-related Zebrocy campaigns, ...
The Hacker News20h
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update
All the three Microsoft Access issues, on the other hand, have been credited to Unpatched.ai, an AI-guided vulnerability ...
The Hacker News20h
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
North Korean hackers stole $1.34 billion in 2024, targeting cryptocurrency exchanges and blockchain firms globally.