Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. "It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to

The Hacker News
Open in Source
#web#android#mac#windows#google#linux#hard_coded_credentials#sap#The Hacker News
Why it matters when your online order is drop-shipped

Those too-good-to-be-true online deals often come from drop-shipping sellers, and that can leave you holding all the risk.

Scammers are sending bogus copyright warnings to steal your X login

A copyright violation sounds serious, so cybercriminals are faking messages from the DMCA to lure you into handing over your X credentials.

⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More

This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms. It’s not just about hacking anymore. Criminals are building systems to make money, spy, or spread malware like it’s a business. And in some cases, they’re using the same

Rust Adoption Drives Android Memory Safety Bugs Below 20% for First Time

Google has disclosed that the company's continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% for the first time. "We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust's impact on

Chinese Tech Firm Leak Reportedly Exposes State Linked Hacking

A massive data leak reportedly at Chinese firm Knownsec (Chuangyu) exposed 12,000 files detailing state-backed 'cyber weapons' and spying on over 20 countries. See the details, including 95GB of stolen Indian immigration data.

Viasat and the terrible, horrible, no good, very bad day

In this week’s newsletter, Amy recounts her journey from Halloween festivities to unraveling the story of the 2022 Viasat satellite hack, with plenty of cybersecurity surprises along the way.

Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injections

The EVE X1/X5 server suffers from multiple authenticated OS command injection vulnerabilities. This can be exploited to inject and execute arbitrary shell commands through multiple scripts affecting multiple parameters.

1 million victims, 17,500 fake sites: Google takes on toll-fee scammers

Google’s suing Lighthouse, a Chinese Phishing-as-a-Service platform that uses Google’s branding on scam sites to trick victims.

ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories

Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us. But security teams are fighting back. They’re building faster defenses, better ways to spot attacks, and stronger systems to keep people safe. It’s a constant race — every