The Hacker News23h
FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks
D-Link vulnerabilities power Mirai and Kaiten botnets, spreading globally. CAPSAICIN botnet targets East Asia with intense ...
The Hacker News12h
Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia
Cloud Atlas exploits CVE-2018-0802 to deploy VBCloud malware, targeting 80% of victims in Russia for data theft, system ...
The Hacker News19h
Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
CVE-2024-3393, a critical PAN-OS flaw (CVSS 8.7), allows unauthenticated DoS attacks; update to the latest patches to secure ...
The Hacker News23h
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java ...
The Hacker News12h
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
OtterCookie, a new JavaScript malware by North Korean hackers, steals data via Socket.IO and funds nuclear programs.
The Hacker News23h
Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts
Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving ...
The Hacker News23h
North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency ...
The Hacker News2d
Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware
The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware ...
The Hacker News2d
Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
Apache Traffic Control 8.0.2 fixes CVE-2024-45387, a critical 9.9 CVSS SQL injection flaw targeting privileged users.
The Hacker News3d
CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
CISA adds CVE-2021-44207 to KEV catalog for active exploitation risk. Agencies must patch by Jan 13, 2025, to mitigate remote ...
The Hacker News3d
Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts
PyPI packages "Zebo" and "Cometlogger" downloaded 280+ times, exfiltrate data with obfuscation and anti-detection.
The Hacker News4d
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
Apache releases a security update for CVE-2024-56337, addressing RCE risks in Tomcat servers with critical configuration ...