Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs). The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub repositories opened under the names of legitimate applications, Swiss cybersecurity company PRODAFT said in

The Hacker News
#git#The Hacker News
GHSA-526j-mv3p-f4vv: eKuiper API endpoints handling SQL queries with user-controlled table names.

### Summary A critical SQL Injection vulnerability exists in the `getLast` API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. ### Details The root cause lies in the use of unsanitized user-controlled input when constructing SQL queries using `fmt.Sprintf`, without validating the `table` parameter. Specifically, in: ```go query := fmt.Sprintf("SELECT * FROM %s ORDER BY rowid DESC LIMIT 1", table) ``` Any value passed as the `table` parameter is directly interpolated into the SQL string, enabling injection attacks. This is reachable via API interfaces that expose time-series queries. ### PoC 1. **Deploy eKuiper instance** (default config is sufficient). 2. **Send a crafted request to the SQL query endpoint**: ```bash curl -X ...

Age verification: Child protection or privacy risk?

With more platforms and governments asking for age verification, we look at the options and the implications.

iPhone vs. Android: iPhone users more reckless, less protected online

Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.

Introducing the smarter, more sophisticated Malwarebytes Trusted Advisor, your cybersecurity personal assistant

Malwarebytes Trusted Advisor has had an update, and it's now sharper, smarter, and more helpful than ever.

Brave Browser Blocks Microsoft Recall from Tracking Online Activity

Brave browser now blocks Microsoft Recall by default, preventing screenshots and protecting users’ browsing history on Windows 11.

Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud,

China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community

The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama's 90th birthday on July 6, 2025. The multi-stage attacks have been codenamed Operation GhostChat and Operation PhantomPrayers by Zscaler ThreatLabz. "The attackers compromised a legitimate website, redirecting users via a malicious link and

Unmasking the new Chaos RaaS group attacks

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.