Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

20 Top-Level Domain Names Abused by Hackers in Phishing Attacks

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

HackRead
Open in Source
#web#android#mac#windows#google#microsoft#linux#git#pdf
CVE-2025-47168: Microsoft Word Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1

Popular Chrome Extensions Found Leaking Data via Unencrypted Connections

Popular Chrome extensions exposed user data by sending it over unencrypted HTTP, raising privacy concerns. Symantec urges caution for users.

How to update Chrome on every operating system

How to update Chrome on every Operating System (Windows, Mac, Linux, Chrome OS, Android, iOS)

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a

ClickFix Email Scam Alert: Fake Booking.com Emails Deliver Malware

Cofense Intelligence uncovers a surge in ClickFix email scams impersonating Booking.com, delivering RATs and info-stealers. Learn how these…

What Really Happened in the Aftermath of the Lizard Squad Hacks

On Christmas Day in 2014 hackers knocked out the Xbox and PlayStation gaming networks, impacting how video game companies handled cybersecurity for years.

GHSA-6vx8-pcwv-xhf4: SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...`), prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the `signxml.XMLVerifier.verify(expect_config=...)` setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm. Starting with signxml 4.0.4, specifying `hmac_key` causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user.