How One Bad Password Ended a 158-Year-Old Business
Most businesses don’t make it past their fifth birthday – studies show that roughly 50% of small businesses fail within the first five years. So…
Category: TheHackerNews
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks…
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
Sep 24, 2025Ravie LakshmananVulnerability / Email Security Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that…
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
Sep 23, 2025Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could…
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN
Sep 23, 2025Ravie LakshmananNational Security / Threat Intelligence The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across…
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries
Sep 23, 2025Ravie LakshmananFinancial Crime / Cryptocurrency Law enforcement authorities in Europe have arrested five suspects in connection with an “elaborate” online investment fraud scheme…
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN
Sep 23, 2025Ravie LakshmananNational Security / Threat Intelligence The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across…
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The…
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
Sep 23, 2025Ravie LakshmananVulnerability / Data Security SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that,…
Why CISOs Must Rethink Incident Remediation
Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank…
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
Sep 23, 2025Ravie LakshmananSupply Chain Attack / Malware GitHub on Monday announced that it will be changing its authentication and publishing options “in the near…
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells
Sep 23, 2025Ravie LakshmananSEO Poisoning / Malware Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking…