All Malware Data Breach Privacy APT Vulnerability General
The Hacker News Vulnerability

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually throu

The Hacker News Malware

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The oper

The Hacker News Malware

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First V

The Hacker News APT

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, clone

The Hacker News Data Breach

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environment

The Hacker News General

How Pentera Turns AI Security Workflows into Validation Engines

AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configura

The Hacker News Data Breach

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separa

The Hacker News Vulnerability

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vulnerable applicatio

The Hacker News Data Breach

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries.

The Hacker News Malware

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. "LabubaRAT creates a reusable foothold for hands-on activity," Blackpoint Cyber resea

The Hacker News General

Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai;

The Hacker News Vulnerability

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allow

Prev 1 ... 7 8 9 10 11 ... 86 Next