Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits. Honeypot Traps Hackers Hackers Fall for

The Hacker News
Open in Source
#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#linux#cisco#git#java#oracle#intel#backdoor#rce#pdf#vmware#bios#auth#chrome#sap#The Hacker News
Fake WinRAR downloads hide malware behind a real installer

We unpack a trojanized WinRAR download that was hiding the Winzipper malware behind a real installer.

Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named "wenmoonx." bitcoin-main-lib (2,300 Downloads) bitcoin-lib-js (193 Downloads) bip40 (970 Downloads) "The

GHSA-xwh2-742g-w3wp: Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

### Summary Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal addresses (e.g., localhost, private RFC1918 ranges, or link-local metadata endpoints). Requesting the resulting `/proxy/...` URL makes Miniflux fetch and return the internal response. ### Details - **Vulnerable route**: `GET /proxy/{encodedDigest}/{encodedURL}` (accessible without authentication, but requires a server-generated HMAC-signed URL) - **Handler**: `internal/ui/proxy.go` (`(*handler).mediaProxy`) - **Trigger**: entry content is rewritten to proxy media URLs (e.g., `mediaproxy.RewriteDocumentWithAbsoluteProxyURL(...)`), producing signed `/proxy/...` URLs. - **Root cause**: the proxy validates the URL scheme and HMAC signature, but does not restrict target hosts/IPs. As a result...

GHSA-pq29-69jg-9mxc: RustFS Path Traversal Vulnerability

# RustFS Path Traversal Vulnerability ## Vulnerability Details - **CVE ID**: - **Severity**: Critical (CVSS estimated 9.9) - **Impact**: Arbitrary File Read/Write - **Component**: `/rustfs/rpc/read_file_stream` endpoint - **Root Cause**: Insufficient path validation in `crates/ecstore/src/disk/local.rs:1791` ### Vulnerable Code ```rust // local.rs:1791 - No path sanitization! let file_path = volume_dir.join(Path::new(&path)); // DANGEROUS! check_path_length(file_path.to_string_lossy().to_string().as_str())?; // Only checks length let mut f = self.open_file(file_path, O_RDONLY, volume_dir).await?; ``` The code uses `PathBuf::join()` without: - Canonicalization - Path boundary validation - Protection against `../` sequences - Protection against absolute paths ## Proof of Concept ### Test Environment - **Target**: RustFS v0.0.5 (Docker container) - **Endpoint**: `http://localhost:9000/rustfs/rpc/read_file_stream` - **RPC Secret**: `rustfsadmin` (from RUSTFS_SECRET_KEY) - **Disk I...

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) and

How Cisco Talos powers the solutions protecting your organization

What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how.

The Future of Cybersecurity Includes Non-Human Employees

Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence (AI) and cloud automation, there is exponential growth in Non-Human Identities (NHIs), including bots, AI agents, service accounts and automation scripts. In fact, 51% of respondents in ConductorOne’s 2025 Future of Identity Security Report

New VVS Stealer Malware Targets Discord Users via Fake System Errors

Palo Alto Networks’ new report reveals VVS Stealer uses Discord Injection and fake error messages to steal tokens and MFA codes. Protect your account from this new Python-based threat.

⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions,