Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites

A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS systems. "UNC5142 is characterized by its use of compromised WordPress websites and 'EtherHiding,' a technique used

The Hacker News
Open in Source
#web#mac#windows#apple#google#git#java#wordpress#intel#The Hacker News
Video call app Huddle01 exposed 600K+ user logs

Privacy left the chat. A misconfigured Kafka broker effectively undid the anonymity many users rely on.

One Republican Now Controls a Huge Chunk of US Election Infrastructure

Former GOP operative Scott Leiendecker just bought Dominion Voting Systems, giving him ownership of voting systems used in 27 states. Election experts don't know what to think.

Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform

Scaling the SOC with AI - Why now?  Security Operations Centers (SOCs) are under unprecedented pressure. According to SACR’s AI-SOC Market Landscape 2025, the average organization now faces around 960 alerts per day, while large enterprises manage more than 3,000 alerts daily from an average of 28 different tools. Nearly 40% of those alerts go uninvestigated, and 61% of security teams admit

New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data

The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake 'payment lures' and urgent security alerts to trick victims into calling a fraudulent support number.

Mango discloses data breach at third-party provider

The fashion retailer says a breach at a marketing partner exposed limited contact details—but no financial data or passwords.

Roku accused of selling children’s data to advertisers and brokers

Florida claims Roku ignored clear signs its users were minors, collecting and selling viewing habits, voice recordings and precise locations.

BeaverTail and OtterCookie evolve with a new Javascript module

Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK).

Laura Faria: Empathy on the front lines

Laura opens up about her journey through various cybersecurity roles, her leap into incident response, and what it feels like to support customers during their toughest moments — including high-stakes situations impacting critical infrastructure.

GHSA-9m49-p2j3-c6xm: Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability

*** UNSUPPORTED WHEN ASSIGNED *** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability. As this project is retired, it is not planned to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.