Security
Headlines
HeadlinesLatestCVEs

Tag

#git

ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s

The Hacker News
Open in Source
#vulnerability#web#android#mac#google#microsoft#linux#git#intel#backdoor#perl#auth#ssh#ibm#zero_day#chrome#The Hacker News
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first

Dynamic binary instrumentation (DBI) with DynamoRio

Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more.

GHSA-jqmq-fpwv-p925: Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.

GHSA-h72q-cq3w-h3wc: Drupal CivicTheme Design System allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS). This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

GHSA-x957-32v9-m7vg: Drupal Acquia DAM allows Forceful Browsing

Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5.

GHSA-m3f2-xjgc-2wp2: Drupal JSON Field is vulnerable to XSS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5.

GHSA-fg8x-q69g-4qp3: Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.

GHSA-pr6m-qwrr-mrw9: Drupal Plausible tracking is vulnerable to XSS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS). This issue affects Plausible tracking: from 0.0.0 before 1.0.2.

GHSA-jxp8-4jw5-5xjc: Drupal Umami Analytics allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS). This issue affects Umami Analytics: from 0.0.0 before 1.0.1.