The Hacker News1h
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Malicious Plugins
Attackers exploit Hunk Companion vulnerability (CVE-2024-11972) to install flawed plugins, enabling RCE attacks on 10,000+ ...
The Hacker News4h
Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested
PowerOFF dismantles 27 DDoS stresser services, arrests administrators, and exposes CDN/WAF misconfiguration risks.
The Hacker News4h
Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged
Critical Cleo software flaw exploited en masse; update Harmony, VLTrader, LexiCom to prevent ransomware attacks.
The Hacker News5h
U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
Chinese hacker charged for exploiting Sophos firewalls via CVE-2020-12271; U.S. sanctions cybersecurity firm Sichuan Silence.
The Hacker News5h
Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
Secret Blizzard hijacks Amadey bots and Russian backdoors to deploy Kazuar malware in Ukraine, obscuring its presence and ...
The Hacker News5h
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) ...
The Hacker News16h
Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia
China-based threat actors target Southeast Asia organizations with advanced tools like PlugX and reverse proxies.
The Hacker News16h
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of ...
The Hacker News19h
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability
Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software ...
The Hacker News5h
Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017
EagleMsgSpy, a Chinese surveillance tool by Wuhan Chinasoft Token, exploits mobile devices for data collection.
The Hacker News1d
The Future of Network Security: Automated Internal and External Pentesting
Automated pentesting ensures frequent, cost-effective, and thorough security assessments to outpace evolving cyber threats.
The Hacker News1d
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
Ivanti releases patches for critical flaws in CSA and Connect Secure, addressing privilege escalation and code execution ...