News

The Hacker News3h
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
ToyMaker deploys LAGTOY malware to steal credentials and sell access to CACTUS ransomware groups for double extortion.
The Hacker News1d
DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
Earlier this month, Google-owned Mandiant also revealed that another security flaw in ICS (CVE-2025-22457) has been ...
The Hacker News1d
Why NHIs Are Security's Most Dangerous Blind Spot
Non-Human Identities, for the most part, authenticate using secrets: API keys, tokens, certificates, and other credentials ...
The Hacker News1d
New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework
"SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated ...
The Hacker News1d
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully ...
The Hacker News2d
Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
"A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to ...
The Hacker News1d
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 ...
The Hacker News2d
Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign
The solution provides 99% discovery and visibility of all users, workloads, and devices across IT, IoT, OT, and IoMT ...
The Hacker News2d
WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads
WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from ...
The Hacker News1d
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
The exploitation of a security flaw in Innorix Agent for lateral movement is notable for the fact that a similar approach has ...
The Hacker News2d
Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that ...
The Hacker News3d
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
Phishers abused Google Sites and DKIM replay to send valid-signed emails, bypassing filters and stealing credentials.