Security
Headlines
HeadlinesLatestCVEs

Tag

#ddos

⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More

In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week’s stories show how easily a small mistake or hidden service can turn into a real

The Hacker News
Open in Source
#xss#vulnerability#web#android#mac#windows#google#microsoft#amazon#linux#cisco#ddos#dos#apache#nodejs#js#git#java#intel#php#backdoor#rce#pdf#botnet#aws#auth#chrome#firefox#sap#asp.net#The Hacker News
ICE Agent Doxxing Platform was Crippled After Coordinated DDoS Attack

The activist website called "ICE List" was offline after a massive DDoS attack. The crash followed a leak of 4,500 federal agent names linked to the Renee Nicole Good shooting.

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times, capable of directing enslaved devices to participate in distributed denial-of-service (DDoS)

Who Benefited from the Aisuru and Kimwolf Botnets?

Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and cybercrime services that appear to have benefitted from Kimwolf's spread.

GHSA-mhpg-c27v-6mxr: NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS

### Summary An unsafe implementation in the `pushstate` event listener used by `ui.sub_pages` allows an attacker to manipulate the fragment identifier of the URL, which _they can do despite being cross-site, using an iframe_. ### Details The problem is traced as follows: 1. On `pushstate`, `handleStateEvent` is executed. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/elements/sub_pages.js#L38-L39 2. `handleStateEvent` emits `sub_pages_open` event. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/elements/sub_pages.js#L22-L25 3. `SubPagesRouter` (used by `ui.sub_pages`), lisnening on `sub_pages_open`, `_handle_open` runs. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/sub_pages_router.py#L18-L22 4. `_handle_open` finds any `SubPages` and runs `_show()` on them https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda70...

GHSA-m7j5-rq9j-6jj9: NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links

### Summary An unsafe implementation in the `click` event listener used by `ui.sub_pages`, combined with attacker-controlled link rendering on the page, causes an XSS when the user actively clicks on the link. ### Details 1. On `click`, eventually `sub_pages_navigate` event is emitted. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/elements/sub_pages.js#L41-L63 2. SubPagesRouter (used by ui.sub_pages), lisnening on `sub_pages_navigate`, `_handle_navigate` runs. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/sub_pages_router.py#L18-L22 3. `_handle_navigate` runs `run_javascript` with f-string substituting `self.current_path` which is simply surrounded by double-quotes. The string context can be broken out easily. https://github.com/zauberzeug/nicegui/blob/59fa9424c470f1b12c5d368985fa36e21fda706b/nicegui/sub_pages_router.py#L73-L88 ### PoC The minimal PoC boils down to this: ```py from ni...

DDoSia Powers Affiliate-Driven Hacktivist Attacks

Pro-Russian group NoName057(16) uses a custom denial-of-service tool to mobilize volunteers and disrupt government, media, and institutional sites tied to Ukraine and the West.

Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet

Synthient discovers over 2 million Android TV boxes and smart TVs hijacked by the Kimwolf botnet. Learn how hackers are using home devices to launch DDoS attacks and how you can protect your home network.

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks

The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. "Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality," the company said in an analysis published last week. Kimwolf

Researcher Wipes White Supremacist Dating Sites, Leaks Data on okstupid.lol

Security researcher in "Martha Root" in Pink Power Ranger deletes white supremacist dating sites live onstage, leaks 8,000 profiles and 100GB of data at Chaos Communication Congress (CCC) 2025.