Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and…
Category: TheHackerNews
CISO’s Guide To Web Privacy Validation And Why It’s Important
May 26, 2025The Hacker NewsData Privacy / Web Security Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO’s guide…
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
May 25, 2025Ravie LakshmananThreat Intelligence / Software Security Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like…
Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique
The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. “The ClickFix technique…
ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices
May 23, 2025Ravie LakshmananThreat Intelligence / Network Security Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge…
300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide
May 23, 2025Ravie LakshmananRansomware / Dark Web As part of the latest “season” of Operation Endgame, a coalition of law enforcement agencies have taken down…
Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine…
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16…
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code…
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
May 23, 2025Ravie LakshmananCloud Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity…
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
May 22, 2025Ravie LakshmananVulnerability / Threat Intelligence A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability…
Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host
May 22, 2025Ravie LakshmananVulnerability / Software Security Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform…