Security
Headlines
HeadlinesLatestCVEs

Latest News

Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT. The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs encrypted

The Hacker News
Open in Source
#web#windows#google#js#java#The Hacker News
GHSA-7vww-mvcr-x6vj: Traefik Inverted TLS Verification Logic in ingress-nginx Provider

## Impact There is a potential vulnerability in Traefik NGINX provider managing the `nginx.ingress.kubernetes.io/proxy-ssl-verify` annotation. The provider inverts the semantics of the `nginx.ingress.kubernetes.io/proxy-ssl-verify` annotation. Setting the annotation to `"on"` (intending to enable backend TLS certificate verification) actually disables verification, allowing man-in-the-middle attacks against HTTPS backends when operators believe they are protected. ## Patches - https://github.com/traefik/traefik/releases/tag/v3.6.3 ## For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues). <details> <summary>Original Description</summary> ### Summary A logic error in Traefik's experimental ingress-nginx provider inverts the semantics of the `nginx.ingress.kubernetes.io/proxy-ssl-verify` annotation. Setting the annotation to `"on"` (intending to enable backend TLS certificate verification)...

GHSA-gm3x-23wp-hc2c: Path Normalization Bypass in Traefik Router + Middleware Rules

## Impact There is a potential vulnerability in Traefik managing the requests using a `PathPrefix`, `Path` or `PathRegex` matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted character from the following set **('/', '\', 'Null', ';', '?', '#')**, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. ## Example ```yaml apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: my-service spec: routes: - match: PathPrefix(‘/admin/’) kind: Rule services: - name: service-a port: 8080 middlewares: - name: my-security-middleware - match: PathPrefix(‘/’) kind: Rule services: - name: service-a port: 8080 ``` In such a case, the request `http://mydomain.example.com/admin%2F` will reach the backend `service-a` without operating the middleware `my-secur...

GHSA-whqg-ppgf-wp8c: Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765

# Authentication Bypass via Double URL Encoding in Astro ## Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794 --- ### Summary A **double URL encoding bypass** allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 (single URL encoding) was fixed in v5.15.8, the fix is insufficient as it only decodes once. By using double-encoded URLs like `/%2561dmin` instead of `/%61dmin`, attackers can still bypass authentication and access protected resources such as `/admin`, `/api/internal`, or any route protected by middleware pathname checks. ## Fix A more secure fix is just decoding once, then if the request has a %xx format, return a 400 error by using something like : ``` if (containsEncodedCharacters(pathname)) { // Multi-level encoding detected - reject request return new Response( 'Bad Request: Multi-level URL encodin...

GHSA-95fv-5gfj-2r84: Emby Server API Vulnerability allowing to gain administrative access without precondition

### Impact This vulnerability affects all Emby Server versions - beta and stable up to the specified versions. It allows an attacker to gain full administrative access to an Emby Server (for Emby Server administration, **not at the OS level**,). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. ### Patches #### Quick Fix A quick fix will be rolled out via an update to one of the default-included Emby Server plugins. This way is chosen because many users are updating their servers manually while plugin updates are typically configured to be applied automatically. This allows to get a patch deployed to a large amount of servers within a single day. #### Server Patches Patched versions for both, Emby Server stable and Emby Server beta are available now. **All Emby Server owners are strongly encouraged to apply those updates as soon as possible.** ### Workarounds > [!NOTE] > These workarounds are OBSOLETE now. Please update E...

How phishers hide banking scams behind free Cloudflare Pages

We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram.

INE Earns G2 Winter 2026 Badges Across Global Markets

Cary, North Carolina, USA, 8th December 2025, CyberNewsWire

Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI

Family photos pulled from social media are being used as "proof-of-life" in virtual kidnapping scams, the FBI warns.

Space Bears Ransomware Claims Comcast Data Theft Through QuasarBreach

Space Bears ransowmare claims it obtained Comcast files through a breach at Quasar Inc, with threats to publish the data and separate leaks promised from Quasar itself.

⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you’ll miss how fast the threat map is changing. New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers