Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer (Q&A) platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets. "Upon installation, this code would execute automatically,

The Hacker News
Open in Source
#vulnerability#web#mac#google#js#git#backdoor#auth#chrome#firefox#The Hacker News
APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups.

Obfuscation: There Are Two Sides To Everything

How to detect and prevent attackers from using these various techniques Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation? Obfuscation is the technique of intentionally making information difficult to read, especially in

A $500 Open-Source Tool Lets Anyone Hack Computer Chips With Lasers

The RayV Lite will make it hundreds of times cheaper for anyone to carry out physics-bending feats of hardware hacking.

Detecting evolving threats: NetSupport RAT campaign

In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats.

Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API (DPAPI) which protects the data at rest from other users on the system or cold boot attacks," Will Harris from the Chrome security team

North Koreans Target Devs Worldwide With Spyware, Job Offers

DEV#POPPER is back, looking to deliver a comprehensive, updated infostealer to coding job seekers by way of a savvy social engineering gambit.

Siri Bug Enables Data Theft on Locked Apple Devices

Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device.

GHSA-hx9v-6r9f-w677: Insecure Jinja2 templates rendered in Haystack Components can lead to RCE

### Impact Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. ### Patches The problem has been fixed with PRs deepset-ai/haystack#8095 and deepset-ai/haystack#8096. Both have been released with Haystack `2.3.1`. ### Workarounds Prevent users from running the affected Components, or only let users use preselected templates. ### References The list of impacted Components can be found in the release notes for `2.3.1`. https://github.com/deepset-ai/haystack/releases/tag/v2.3.1