Latest News

Attackers are luring victims into a Zoom call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets.

At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in

Blockchain infrastructure provider dRPC has announced the launch of a NodeHaus platform that enables chain foundations unprecedented control…

A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data.

Blue Shield of California said it accidentally leaked the personal data of 4.7 million individuals to Google after a Google Analytics misconfiguration.

SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake…

As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in a report shared with The Hacker News. This translates to 45 security flaws that have been weaponized

Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allows a user application to perform various actions without using system calls," the company said in

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vestel Equipment: AC Charger Vulnerability: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to sensitive information, such as credentials which could subsequently enable them to cause a denial of service or partial loss of integrity of the charger. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AC Charger are affected: AC Charger EVC04: Version 3.75.0 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF SENSITIVE SYSTEM INFORMATION TO AN UNAUTHORIZED CONTROL SPHERE CWE-497 Affected versions of Vestel AC Charger contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials which could be used to further compromise the device. CVE-2025-3606 has been assigned to this vulnerability. A CVSS ...