Security
Headlines
HeadlinesLatestCVEs

Latest News

CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center

India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to have led to losses worth more than £390,000 ($525,000) in the United Kingdom alone. The law

The Hacker News
Open in Source
#The Hacker News
A week in security (July 7 – July 13)

A list of topics we covered in the week of July 7 to July 13 of 2025

GHSA-x8c6-gj59-6rx8: py-libp2p is vulnerable to DoS attacks through use of large RSA keys

py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key.

eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks

Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices have been enabled as of December 2020. The findings come from Security Explorations, a research lab

GHSA-qxh9-qmf2-rhwc: Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).

Your Simple Guide: How to Use Filmora’s Planar Tracker for Awesome Video Edits

Easily stick logos, text, or graphics onto moving surfaces with Filmora’s planar tracker. Just read this article to know how!

Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257)

WatchTowr Labs reveals CVE-2025-25257, a critical FortiWeb SQL injection allowing unauthenticated remote code execution. Patch your FortiWeb 7.0,…

About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability

About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability. A vulnerability from the June Microsoft Patch Tuesday allows an attacker to execute a malicious script, forcing the victim’s host to connect to the attacker’s SMB server and authenticate, resulting in gaining SYSTEM privileges. 🔹 Details on how to exploit the vulnerability were published on […]

GHSA-7pgf-ppxw-8624: Apache Zeppelin exposes server resources to unauthenticated attackers

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.

GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs). "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design specification, and system settings," the GPU maker said in an advisory released this week. Dubbed