An Automated Exploitation Toolkit Targeting Hikvision IP Cameras
A new open-source tool called HikvisionExploiter has emerged, designed to automate attacks on vulnerable Hikvision IP cameras. Released on GitHub in mid-2024 but gaining renewed…
Category: CyberSecurityNews
10 Malicious npm Packages with Auto-Run Feature on Install Deploys Multi-Stage Credential Harvester
The npm ecosystem faces a sophisticated new threat as ten malicious packages have emerged, each designed to automatically execute during installation and deploy a comprehensive…
PoC Exploit Released for BIND 9 Vulnerability that Let Attackers Forge DNS Records
A public exploit code demonstrating how attackers could exploit CVE-2025-40778, a critical vulnerability in BIND 9 that enables DNS cache poisoning. The Internet Systems Consortium…
Thousands of Exchange Servers in Germany Still Running with Out-of-Support Versions
Microsoft Exchange servers in Germany are still running without security updates, just weeks after the official end of support for key versions. The Federal Office…
Chrome to Alert Users “Always Use Secure Connections” While Opening Public HTTP Sites
Google has announced a significant security initiative that will fundamentally change how Chrome handles unsecured web connections. Beginning with Chrome 154’s release in October 2026,…
Windows Accessibility Flaw Allows Stealthy Persistence and Lateral Movement via Narrator DLL Hijack
A persistent vulnerability related to DLL hijacking has been identified in the Narrator accessibility tool, which has been a significant concern over time. This flaw…
Windows Accessibility Flaw Allows Stealthy Persistence and Lateral Movement via Narrator DLL Hijack
A persistent vulnerability related to DLL hijacking has been identified in the Narrator accessibility tool, which has been a significant concern over time. This flaw…
New Beast Ransomware Actively Scans for Active SMB Port from Breached System to Spread Across Network
The Beast ransomware group has emerged as a significant threat in the cybersecurity landscape, evolving from the Monster ransomware strain to establish itself as a…
CISA Warns of Dassault Systèmes Vulnerabilities Actively Exploited in Attacks
CISA has added two critical vulnerabilities affecting Dassault Systèmes DELMIA Apriso to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively exploiting these…
Hackers Allegedly Claim Breach Of HSBC USA Customers’ Records Including Financial Details
A threat actor has claimed responsibility for breaching HSBC USA, alleging possession of a vast database containing sensitive customer personal identifiable information (PII) and financial…
Google Wear OS Message App Vulnerability Let Any Installed App To Send SMS Behalf Of User
A vulnerability in Google Messages on Wear OS devices allows any installed app to silently send SMS, MMS, or RCS messages on behalf of the…
Microsoft Sued for Allegedly Misleading Millions to Subscribe for Microsoft 365 Subscriptions
Australia’s competition regulator has filed legal proceedings against Microsoft for allegedly misleading approximately 2.7 million Australian consumers regarding subscription options and pricing for Microsoft 365…