Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

8 Malicious NPM Packages Stole Chrome User Data on Windows

JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…

HackRead
Open in Source
#mac#windows#google#nodejs#git#auth#chrome
Microsoft wants to automatically save your Word docs to the cloud

Microsoft is rolling out a feature that defaults to saving your documents to the cloud. Consumers are divided.

Google Big Sleep AI Tool Finds Critical Chrome Vulnerability

Make sure your Chrome browser is updated to the latest version to stay protected.

First AI-Powered Ransomware PromptLock Targets Windows, Linux and macOS

ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux…

Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in

Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS

A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious…

The Era of AI-Generated Ransomware Has Arrived

Cybercriminals are increasingly using generative AI tools to fuel their attacks, with new research finding instances of AI being used to develop ransomware.

Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass Exploit

The application constructs a shell command using unsanitized user input passed to the system() function, calling an external binary for authentication. Due to improper input handling and reliance on the binary's return value for access control, an attacker can inject special characters, such as a double quote (") to manipulate command parsing and induce execution failure. Since the application interprets any non-zero exit code from the binary as successful authentication, this flaw allows remote users to bypass authentication entirely without providing valid credentials.

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3. "A malicious container running on Docker Desktop could access the

Fake Voicemail Emails Install UpCrypter Malware on Windows

FortiGuard Labs warns of a global phishing campaign that delivers UpCrypter malware, giving hackers complete control of infected…