Category: TheHackerNews

U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
23
May
2025

U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools)…

Share: X : U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime OperationFacebook : U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime OperationLinkedin : U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime OperationReddit : U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime OperationTelegram : U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime OperationWhatsApp : U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime OperationEmail : U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
GitLab Duo Vulnerability
23
May
2025

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant Duo that could have allowed…

Share: X : GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden PromptsFacebook : GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden PromptsLinkedin : GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden PromptsReddit : GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden PromptsTelegram : GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden PromptsWhatsApp : GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden PromptsEmail : GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Broader SaaS Attacks
23
May
2025

CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

May 23, 2025Ravie LakshmananCloud Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault…

Share: X : CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud MisconfigsFacebook : CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud MisconfigsLinkedin : CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud MisconfigsReddit : CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud MisconfigsTelegram : CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud MisconfigsWhatsApp : CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud MisconfigsEmail : CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
Chinese Hackers Exploit Trimble Cityworks Flaw
22
May
2025

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

May 22, 2025Ravie LakshmananVulnerability / Threat Intelligence A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation…

Share: X : Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government NetworksFacebook : Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government NetworksLinkedin : Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government NetworksReddit : Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government NetworksTelegram : Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government NetworksWhatsApp : Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government NetworksEmail : Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host
22
May
2025

Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host

May 22, 2025Ravie LakshmananVulnerability / Software Security Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network…

Share: X : Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise HostFacebook : Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise HostLinkedin : Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise HostReddit : Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise HostTelegram : Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise HostWhatsApp : Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise HostEmail : Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
22
May
2025

Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise

May 22, 2025Ravie LakshmananCybersecurity / Vulnerability A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it…

Share: X : Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory CompromiseFacebook : Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory CompromiseLinkedin : Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory CompromiseReddit : Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory CompromiseTelegram : Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory CompromiseWhatsApp : Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory CompromiseEmail : Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program
22
May
2025

Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program

May 22, 2025The Hacker NewsSecurity Framework / Cyber Defense It’s not enough to be secure. In today’s legal climate, you…

Share: X : Learn How to Build a Reasonable and Legally Defensible Cybersecurity ProgramFacebook : Learn How to Build a Reasonable and Legally Defensible Cybersecurity ProgramLinkedin : Learn How to Build a Reasonable and Legally Defensible Cybersecurity ProgramReddit : Learn How to Build a Reasonable and Legally Defensible Cybersecurity ProgramTelegram : Learn How to Build a Reasonable and Legally Defensible Cybersecurity ProgramWhatsApp : Learn How to Build a Reasonable and Legally Defensible Cybersecurity ProgramEmail : Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
22
May
2025

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

May 22, 2025Ravie LakshmananEnterprise Security / Malware A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM)…

Share: X : Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network AttacksFacebook : Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network AttacksLinkedin : Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network AttacksReddit : Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network AttacksTelegram : Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network AttacksWhatsApp : Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network AttacksEmail : Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
Identity Security
22
May
2025

Identity Security Has an Automation Problem—And It’s Bigger Than You Think

May 22, 2025The Hacker NewsEnterprise Security / Identity Management For many organizations, identity security appears to be under control. On…

Share: X : Identity Security Has an Automation Problem—And It’s Bigger Than You ThinkFacebook : Identity Security Has an Automation Problem—And It’s Bigger Than You ThinkLinkedin : Identity Security Has an Automation Problem—And It’s Bigger Than You ThinkReddit : Identity Security Has an Automation Problem—And It’s Bigger Than You ThinkTelegram : Identity Security Has an Automation Problem—And It’s Bigger Than You ThinkWhatsApp : Identity Security Has an Automation Problem—And It’s Bigger Than You ThinkEmail : Identity Security Has an Automation Problem—And It’s Bigger Than You Think
Lumma Stealer Malware Network
22
May
2025

FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections

A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online…

Share: X : FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million InfectionsFacebook : FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million InfectionsLinkedin : FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million InfectionsReddit : FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million InfectionsTelegram : FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million InfectionsWhatsApp : FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million InfectionsEmail : FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections
Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
21
May
2025

Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022….

Share: X : Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid LogisticsFacebook : Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid LogisticsLinkedin : Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid LogisticsReddit : Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid LogisticsTelegram : Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid LogisticsWhatsApp : Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid LogisticsEmail : Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms
21
May
2025

PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms

May 21, 2025Ravie LakshmananMalware / Windows Security Russian organizations have become the target of a phishing campaign that distributes malware…

Share: X : PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian FirmsFacebook : PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian FirmsLinkedin : PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian FirmsReddit : PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian FirmsTelegram : PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian FirmsWhatsApp : PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian FirmsEmail : PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms