The Hacker News
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
A critical security flaw has been disclosed in the Next.js React framework that could be potentially ...View More
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-t ...View More
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryp ...View More
UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical inf ...View More
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed usin ...View More
10 Critical Network Pentest Findings IT Teams Overlook
After conducting over 10,000 automated internal network penetration tests last year, vPenTest has un ...View More
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a ...View More
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to targe ...View More
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitatio ...View More
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer mal ...View More
