Security
Headlines
HeadlinesLatestCVEs

Latest News

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in a report shared with The Hacker News. "The malware employs sandbox and virtual machine evasion techniques, a domain

The Hacker News
Open in Source
#mac#java#ssl#The Hacker News
Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default. "Brand new Microsoft accounts will now be 'passwordless by default,'" Microsoft's Joy Chik and Vasu Jakkal said. "New users will have several passwordless options for

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

A employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.

CVE-2025-4052: Chromium: CVE-2025-4051 Insufficient data validation in DevTools

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 136.0.3240.50 5/1/2025 136.0.7103.49

CVE-2025-4051: Chromium: CVE-2025-4050 Out of bounds memory access in DevTools

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 136.0.3240.50 5/1/2025 136.0.7103.49

CVE-2025-4050: Chromium: CVE-2025-4096 Heap buffer overflow in HTML

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 136.0.3240.50 5/1/2025 136.0.7103.49

CVE-2025-4096: Chromium: CVE-2025-4052 Inappropriate implementation in DevTools

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 136.0.3240.50 5/1/2025 136.0.7103.49

npm Malware Targets Crypto Wallets, MongoDB; Code Points to Turkey

Sonatype discovered ‘crypto-encrypt-ts’, a malicious npm package impersonating the popular CryptoJS library to steal crypto and personal data.…

Scammers Use Spain-Portugal Blackout for TAP Air Refund Phishing Scam

SEO: Cybercriminals are using the recent power outages in Spain and Portugal to launch phishing attacks disguised as…

Understanding the challenges of securing an NGO

Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure.