Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

GHSA-j5w8-q4qc-rx2x: golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

ghsa
Open in Source
#vulnerability#auth#ssh#sap
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. "It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to

How to Achieve Ultra-Fast Response Time in Your SOC

ANY.RUN shows how early clarity, automation and shared data help SOC teams cut delays and speed up response during heavy alert loads.

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol. The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and

A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers

By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more.

Why it matters when your online order is drop-shipped

Those too-good-to-be-true online deals often come from drop-shipping sellers, and that can leave you holding all the risk.

⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More

This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms. It’s not just about hacking anymore. Criminals are building systems to make money, spy, or spread malware like it’s a business. And in some cases, they’re using the same

DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound

A new US law enforcement initiative is aimed at crypto fraudsters targeting Americans—and now seeks to seize infrastructure it claims is crucial to notorious scam compounds.

Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets

The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign. The activity, detected in early September 2025 and assessed to be ongoing, has been codenamed SpearSpecter by the Israel National Digital Agency (INDA). "The

Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew Brandt, is designed to target customers of the hospitality industry, specifically hotel guests who may have travel reservations with spam emails. The campaign is said to have begun in earnest around