Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
Jan 14, 2025Ravie LakshmananVulnerability / Data Privacy New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow…
Category: TheHackerNews
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Jan 14, 2025Ravie LakshmananEndpoint Security / Vulnerability Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have…
Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political…
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new…
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces
Jan 14, 2025Ravie LakshmananVulnerability / Network Security Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management…
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
Jan 14, 2025Ravie LakshmananCryptocurrency / Online Scam The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion…
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
Jan 14, 2025Ravie LakshmananVulnerability / Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote…
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
Jan 13, 2025Ravie LakshmananVulnerability / Cloud Security A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation…
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
Jan 13, 2025Ravie LakshmananMalware / Domain Security No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking…
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a…
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Jan 11, 2025Ravie LakshmananAI Security / Cybersecurity Microsoft has revealed that it’s pursuing legal action against a “foreign-based threat–actor group” for operating a hacking-as-a-service infrastructure…
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
Jan 11, 2025Ravie LakshmananFinancial Crime / Cryptocurrency The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating…