Security News

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials
2025-04-09 20:58

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management...

Critical FortiSwitch flaw lets hackers change admin passwords remotely
2025-04-09 16:09

Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. [...]

Hackers lurked in Treasury OCC’s systems since June 2023 breach
2025-04-08 17:29

Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails. [...]

Google’s Sec-Gemini v1 Takes on Hackers & Outperforms Rivals by 11%
2025-04-07 20:23

Sec-Gemini v1 has access to real-time cybersecurity data from trusted sources including Google Threat Intelligence, Mandiant’s attack reports, and the Open Source Vulnerabilities database.

Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
2025-04-05 15:50

A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted"...

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
2025-04-05 14:23

The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail...

North Korean Hackers Disguised as IT Workers Targeting UK, European Companies, Google Finds
2025-04-04 08:21

The attackers pose as legitimate remote IT workers, looking to both generate revenue and access sensitive company data through employment. "Europe needs to wake up fast,” according to Google’s...

Hackers abuse WordPress MU-Plugins to hide malicious code
2025-03-31 17:06

Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection. [...]

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
2025-03-31 16:41

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp....

North Korean hackers adopt ClickFix attacks to target crypto firms
2025-03-31 15:56

The notorious North Korean Lazarus hacking group has reportedly adopted 'ClickFix' tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance...