Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Hackers Hide VenomRAT Malware Inside Virtual Hard Disk Image File

Hackers are using .VHD files to spread VenomRAT malware, bypassing security software, reveals Forcepoint X-Labs. Learn how this stealthy attack works and how to protect yourself.

HackRead
Open in Source
#windows#git
Sperm bank breach deposits data into hands of cybercriminals

Sperm donor giant California Cryobank has announced it has suffered a data breach that exposed customers' personal information.

Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen

In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place? Our upcoming

CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote

Red Hat Advanced Cluster Security 4.7 simplifies management, enhances workflows, and generates SBOMs

Today, ensuring the security and integrity of your software supply chain is more critical than ever. Red Hat Advanced Cluster Security for Kubernetes is focused on providing users the tools to tackle the greatest security challenges.One essential tool in this effort is the software bill of materials (SBOM), which provides a comprehensive list of all components and libraries used within a software product. With the growing importance of SBOMs for supply chain security—especially in light of the NIST Executive Order—Red Hat Advanced Cluster Security 4.7 introduces new features for generating

AMOS and Lumma stealers actively spread to Reddit users

Reddit users from trading and crypto subreddits are being lured into installing malware disguised as premium cracked software.

GHSA-vqqr-fgmh-f626: Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads

### Impact Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. ### Patches Update to Contao 4.13.54, 5.3.30 or 5.5.6. ### Workarounds Remove `svg,svgz` from the allowed upload file types in the system settings and from `contao.editable_files` in the `config.yaml`. ### References https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

Scammers Sneak 300+ Ad Fraud Apps onto Google Play with 60M Downloads

Google Play Store hit by 300+ fake Android apps, downloaded more than 60 million times pushing ad fraud and data theft. Learn how to spot and remove these threats.

New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent