Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Russian APT28 Deploys “NotDoor” Backdoor Through Microsoft Outlook

APT28 hackers deploy NotDoor backdoor via Microsoft Outlook macros, using OneDrive sideloading to steal data and evade detection.

HackRead
Open in Source
#web#mac#windows#microsoft#git#intel#backdoor#pdf
GHSA-58p5-r2f6-g2cj: Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution

### Summary A Use-After-Free (UAF) vulnerability has been discovered in the Sdf_PathNode module of the Pixar OpenUSD library. This issue occurs during the deletion of the Sdf_PrimPathNode object in multi-threaded environments, where freed memory is accessed. This results in segmentation faults or bus errors, allowing attackers to potentially exploit the vulnerability for remote code execution (RCE). By using a specially crafted .usd file, an attacker could gain control of the affected system. The vulnerability has been confirmed in multiple OpenUSD tools, including sdfdump, usdtree, usdcat, and sdffilter. ### Patches This is fixed with [commit 0d74f31](https://github.com/PixarAnimationStudios/OpenUSD/commit/0d74f31fe64310791e274e587c9926335e9db9db), with the fix available in OpenUSD 25.08 and onwards. ### Details The issue is a Use-After-Free vulnerability in the Sdf_PathNode destruction process, specifically in Sdf_PrimPathNode::~Sdf_PrimPathNode(). When multiple threads attempt to...

Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries

The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word," S2 Grupo's LAB52 threat intelligence team said. "When such an email is

From summer camp to grind season

Bill takes thoughtful look at the transition from summer camp to grind season, explores the importance of mental health and reflects on AI psychiatry.

Roblox introduces age checks to use communication features

Roblox announced plans to roll out age estimation for using the communication features on the platform to help fight sexual predators.

New Malware Uses Windows Character Map for Cryptomining

Darktrace reports new malware hijacking Windows Character Map for cryptomining, exposing risks of hidden attacks in everyday software…

Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak

Scattered Lapsus$ Hunters threaten Google, demanding that two security experts, Austin Larsen of Google’s Threat Intelligence Group and Charles Carmakal of Mandiant, be fired or they will leak alleged stolen Google data.

Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions

Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok. The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking. The approach is designed to

Cloudflare Mitigates Largest Ever Recorded DDoS Attack at 11.5 Tbps

Cloudflare mitigated the largest DDoS attack ever recorded, an 11.5 Tbps flood that lasted 35 seconds without disrupting…

Governance-Driven Automation: How Flowable Is Redefining Digital Process Management

A newly published independent research report highlights Flowable’s rise in the digital process automation market. Built on open-source…