Security
Headlines
HeadlinesLatestCVEs

Latest News

Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine

Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group's Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely

The Hacker News
Open in Source
#web#mac#google#microsoft#git#backdoor#The Hacker News
U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack

Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city's public transportation agency. Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, from East London and Owen Flowers, 18, from Walsall, West Midlands

CVE-2025-10502: Chromium: CVE-2025-10502 Heap buffer overflow in ANGLE

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

CVE-2025-10501: Chromium: CVE-2025-10501 Use after free in WebRTC

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

CVE-2025-10500: Chromium: CVE-2025-10500 Use after free in Dawn

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

CVE-2025-10585: Chromium: CVE-2025-10585 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

GHSA-2h8j-8r9p-849f: @digitalocean/do-markdownit has Type Confusion vulnerability

In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM). "Each set contains loaders for malicious listeners that enable cyber threat actors to run arbitrary code on the compromised server,"

GHSA-phwj-fgch-xvrj: Snipe-IT allows unsafe deserialization

Snipe-IT before 8.1.18 allows unsafe deserialization.