Security News

whoAMI attacks give hackers code execution on Amazon EC2 instances
2025-02-13 23:35

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. [...]

Hacker leaks account data of 12 million Zacks Investment users
2025-02-13 17:39

Zacks Investment Research (Zacks) last year reportedly suffered another data breach that exposed sensitive information related to roughly 12 million accounts. [...]

North Korean hackers spotted using ClickFix tactic to deliver malware
2025-02-13 16:16

North Korean state-sponsored group Kimsuky (aka Emerald Sleet, aka VELVET CHOLLIMA) is attempting to deliver malware to South Korean targets by leveraging the so-called “ClickFix” tactic. A...

Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
2025-02-13 15:13

A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit...

How Much Time Does it Take for Hackers to Crack My Password?
2025-02-13 11:00

Hackers can crack weak passwords in seconds, while strong ones may take years. Learn about the time to crack your password and boost security.

zkLend loses $9.5M in crypto heist, asks hacker to return 90%
2025-02-12 23:08

Decentralized money lender zkLend suffered a breach where threat actors exploited a smart contract flaw to steal 3,600 Ethereum, worth $9.5 million at the time. [...]

DPRK hackers dupe targets into typing PowerShell commands as admin
2025-02-12 18:56

North Korean state actor 'Kimsuky' (aka 'Emerald Sleet' or 'Velvet Chollima') has been observed using a new tactic inspired from the now widespread ClickFix campaigns. [...]

North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
2025-02-12 10:43

The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to...

Russian military hackers deploy malicious Windows activators in Ukraine
2025-02-11 16:44

The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. [...]

SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
2025-02-11 15:56

Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the...