Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a

The Hacker News
Open in Source
#vulnerability#web#windows#apple#google#microsoft#java#oracle#intel#samba#ssrf#auth#The Hacker News
⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More

It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect. Here’s a quick look at this week’s top threats, new tactics, and security stories shaping

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company's analysis is based on the ZIP

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming

Identity Security: Your First and Last Line of Defense

The danger isn’t that AI agents have bad days — it’s that they never do. They execute faithfully, even when what they’re executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn't some dystopian fantasy—it's Tuesday at the office now. We've entered a new phase where autonomous AI agents act with serious system privileges. They

Under the engineering hood: Why Malwarebytes chose WordPress as its CMS

It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. Here's what we considered when choosing it.

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware," the Microsoft Threat Intelligence team said in a post shared on X. The tech

GHSA-wvpg-4wrh-5889: PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

### Impact Wrong usage of the PHP `array_search()` allows bypass of validation. ### Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1) - v4.4.1 for PrestaShop 8 (build number: 8.4.4.1) - v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5) - v5.0.5 for PrestaShop 8 (build number: 8.5.0.5) - v5.0.5 for PrestaShop 9 (build number: 9.5.0.5) Read the [Versioning policy](https://github.com/PrestaShopCorp/ps_checkout/wiki/Versioning) to learn more about the build number. ### Credits [Léo CUNÉAZ](https://github.com/inem0o) reported this issue.

GHSA-fpxp-pfqm-x54w: PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

# Impact Missing validation on input vulnerable to directory traversal. # Patches The problem has been patched in versions: v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1) v4.4.1 for PrestaShop 8 (build number: 8.4.4.1) v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5) v5.0.5 for PrestaShop 8 (build number: 8.5.0.5) v5.0.5 for PrestaShop 9 (build number: 9.5.0.5) Read the [Versioning policy](https://github.com/PrestaShopCorp/ps_checkout/wiki/Versioning) to learn more about the build number. # Credits [Léo CUNÉAZ](https://github.com/inem0o) for reportied this issue.

GHSA-54hq-mf6h-48xh: PrestaShop Checkout allows customer account takeover via email

# Impact Missing validation on Express Checkout feature allows silent log-in. # Patches The problem has been patched in versions - v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1) - v4.4.1 for PrestaShop 8 (build number: 8.4.4.1) - v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5) - v5.0.5 for PrestaShop 8 (build number: 8.5.0.5) - v5.0.5 for PrestaShop 9 (build number: 9.5.0.5) Read the [Versioning policy](https://github.com/PrestaShopCorp/ps_checkout/wiki/Versioning) to learn more about the build number. # Credits [Léo CUNÉAZ](https://github.com/inem0o) reported this issue.