Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below - CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS

The Hacker News
Open in Source
#vulnerability#auth#ssl#The Hacker News
North Korea's Kimsuky Taps Trusted Platforms to Attack South Korea

The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around.

$10 Infostealers Are Breaching Critical US Security: Military and Even the FBI Hit

A new report reveals how cheap Infostealer malware is exposing US military and defense data, putting national security at risk. Hackers exploit human error to gain access.

Xerox Printer Vulnerabilities Enable Credential Capture

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.

China-Linked Threat Group Targets Japanese Orgs' Servers

Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.

Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild

Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.

How Phished Data Turns into Apple & Google Wallets

Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.

GHSA-q4xq-445g-g6ch: Keycloak allows cross-site scripting (XSS)

A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks

Two critical OpenSSH vulnerabilities discovered! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and…

New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024

New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024. I made this episode exclusively for the Telegram channel @avleonovcom “Vulnerability Management and More”. 😉 📹 Video on YouTube, LinkedIn🗞 Post on Habr (rus)🗒 Digest on the PT website Content: 🔻 00:00 […]