Security
Headlines
HeadlinesLatestCVEs

Latest News

Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS [malware-as-a-service] operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use," Cisco Talos researchers Chris Neal and Craig Jackson

The Hacker News
Open in Source
#web#cisco#git#The Hacker News
Police Shut Down 100 Servers Tied to Russian NoName057(16), Arrest 2

In an operation called Eastwood, authorities arrested two people and shut down more than 100 servers linked to the Russian group NoName057(16).

Adoption agency leaks over a million records

The database contained 1,115,061 records including the names of children, birth parents, adoptive parents, and other potentially sensitive information like case notes.

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution. "The attacker leverages

Meta AI chatbot bug could have allowed anyone to see private conversations

A researcher has disclosed how he found a—now fixed—vulnerability in Meta AI that could have allowed others to see private questions and answers.

Why Cybersecurity Still Matters for America's Schools

Cyberattacks on educational institutions are growing. But with budget constraints and funding shortfalls, leadership teams are questioning whether — and how — they can keep their institutions safe.

WeTransfer walks back clause that said it would train AI on your files

File sharing site WeTransfer has rolled back language that allowed it to train machine learning models on any files that its users uploaded.

China-Backed Salt Typhoon Hacks US National Guard for Nearly a Year

Between March and December of last year, infamous Chinese state-sponsored APT Salt Typhoon gained access to sensitive US National Guard data.

Chrome fixes 6 security vulnerabilities. Get the update now!

Google has released an update for its Chrome browser to patch six security vulnerabilities including one zero-day.

GHSA-46m5-8hpj-p5p5: Grafana's insecure DingDing Alert integration exposes sensitive information

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01