North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT via 31 Vercel deployments.

Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. KerioControl is a ...

Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) ...

Microsoft is urging users of VMware’s ESXi hypervisor to take immediate action to ward off ongoing attacks by ransomware groups that give them full administrative control of the servers the product ...

The OKX DEX suffered an exploit resulting in a loss of around $2.7 million in cryptocurrencies after a proxy admin upgraded a contract that allowed a hacker to compromise the private key. OKX ...

The Biden administration believes that a Chinese hacking operation which breached US government email systems, including the State Department, gave the Chinese government insights about US thinking ...

Hackers were able to get away with posting fake Bitcoin giveaways on various Twitter accounts thanks to high level internal admin access. Crypto scammers responsible for what could be the largest ever ...

Hackers are exploiting a zero-day vulnerability in a WordPress plugin made by ThemeREX, a company that sells commercial WordPress themes. The attacks, detected by Wordfence, a company that provides a ...

Apple has issued a patch for the macOS High Sierra security exploit, less than 24 hours after it was made public. It is addressed in Security Update 2017-001, which Apple encourages all macOS High ...

Hackers are exploiting a vulnerability in the popular vBulletin Internet forum software in order to inject rogue administrator accounts into websites using it. The exploit was found by researchers ...