The Unknown Risks of The Software Supply Chain: A Deep-Dive
Jan 24, 2024The Hacker NewsVulnerability / Software Security In a world where more & more organizations are adopting open-source components as foundational blocks in their…
Category: TheHackerNews
Patch Your GoAnywhere MFT Immediately
Jan 24, 2024NewsroomVulnerability / Endpoint Security A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused…
Gcore Radar Warns of a New Era of DDoS Attacks
Jan 23, 2024The Hacker NewsCybersecurity / Server Security As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which…
VexTrio: The Uber of Cybercrime
The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive…
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Jan 23, 2024NewsroomSoftware Security / Supply Chain Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted…
MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets
Jan 23, 2024NewsroomMalware / Cryptocurrency Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information…
BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time
Jan 23, 2024NewsroomCyber Crime / Dark Web Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role…
Critical Confluence RCE Under Active Exploitation
Jan 23, 2024NewsroomVulnerability / Cyber Attack Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and…
Apple Issues Patch for Critical Zero-Day in iPhones, Macs
Jan 23, 2024NewsroomVulnerability / Device Security Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day…
MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack…
North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor
Jan 22, 2024NewsroomCyber Attack / Hacking Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign…
NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers
Jan 22, 2024NewsroomBrowser Security / Cyber Threat Cybersecurity researchers have discovered a new Java-based “sophisticated” information stealer that uses a Discord bot to exfiltrate sensitive…