Critical security vulnerabilities in Apache Jena have been disclosed that enable administrators to access and create files outside designated server directories, potentially compromising system security. […]
Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack
Popular configuration packages for integrating Prettier with ESLint, the widely used code formatting tools within JavaScript and TypeScript projects, were hijacked after a maintainer fell […]
Hackers Selling macOS 0-Day LPE Exploit on Dark Forums
A threat actor claiming to possess a zero-day Local Privilege Escalation (LPE) exploit targeting Apple’s macOS operating system has emerged on underground cybercriminal forums, offering […]
Dark Web Travel Agencies Exploit Cheap Deals to Steal Credit Card Data
Dark web travel agencies have developed into highly skilled organizations operating in the murky corners of cybercrime, using hacked credit card information, compromised loyalty accounts, […]
PoisonSeed überlistet FIDO-Schlüssel
Cyberkriminelle nutzen die geräteübergreifende Anmeldeoption von FIDO aus, um eine von ihnen kontrollierte authentifizierte Sitzung zu erstellen. ArtemisDiana – shutterstock.com FIDO-Schlüssel verwenden eine hardwarebasierte Multi-Faktor-Authentifizierung, […]
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access
The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The […]
Cybercriminals Merge Android Malware with Click Fraud Apps to Harvest Credentials
Researchers uncovered an active Android malware cluster that ingeniously combines brand impersonation with traffic monetization tactics, targeting users across multiple regions. These malicious Android Package […]
Financial Institutions Under Siege by Greedy Sponge Hackers’ Modified AllaKore RAT
A financially motivated threat actor, now identified as Greedy Sponge, has been relentlessly targeting Mexican organizations with a customized version of the AllaKore Remote Access […]
Cybercriminals from GLOBAL GROUP Target All Platforms with Golang Ransomware
A notorious ransomware actor known by the alias $$$ has unveiled GLOBAL GROUP, positioning it as a cutting-edge Ransomware-as-a-Service (RaaS) operation. Promising automated negotiations, cross-platform […]
wolfSSL Security Update Addresses Apple Trust Store Bypass
wolfSSL has released version 5.8.2 to address several critical security vulnerabilities, with the most significant being a high-severity Apple trust store bypass flaw that could […]