Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

North Korean Hackers Team Up with Play Ransomware in Global Attack

State-Sponsored Espionage Meets Ransomware!

HackRead
Open in Source
#windows
Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer

A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for…

WordPress WP-Automatic SQL Injection

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a malicious administrator account. The password for the new account is hashed using MD5. Once the administrator account is created, the attacker can upload and execute a malicious plugin, leading to full control over the WordPress site.

Patch now! New Chrome update for two critical vulnerabilities

Chrome issued a security update that patches two critical vulnerabilities. One of which was reported by Apple

When Cybersecurity Tools Backfire

Outages are inevitable. Our focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is about keeping bad actors out while maintaining stability and reliability.

'CrossBarking' Attack Targets Secret APIs, Exposes Opera Browser Users

Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim's Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites.

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News. "The malvertising campaign leverages nearly a hundred malicious

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300

What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday?

What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday? In fact, just that it is being exploited in the wild. There are no write-ups or public exploits yet. The Acknowledgements section in the Microsoft bulletin is empty. It is not clear who reported it and from […]

Writing a BugSleep C2 server and detecting its traffic with Snort

This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort.