The Hacker News3 小时
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
Microsoft warns of StilachiRAT, a stealthy remote access trojan that steals credentials, crypto wallets, and system data ...
The Hacker News23 小时
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
GitHub Action tj-actions/changed-files was compromised, leaking CI/CD secrets. Users must update immediately to prevent ...
The Hacker News16 小时
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Apache Tomcat flaw CVE-2025-24813 is under active exploitation, enabling remote code execution via PUT requests.
The Hacker News20 小时
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
Unpatched Edimax IC-7100 flaw (CVE-2025-1316) exploited for Mirai botnet malware since May 2024, enabling DDoS attacks via ...
The Hacker News21 小时
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Critical router breaches, stealthy PyPI malware, powerful new ransomware decryptors—this week's top cyber threats decoded ...
The Hacker News22 小时
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions
"The features available in CSS allow attackers and spammers to track users' actions and preferences, even though several ...
The Hacker News19 小时
Wiz 15-minute Demo: Secure everything you build and run in the cloud
Wiz provides full cloud security visibility, eliminating risks early and streamlining operations for security teams.
The Hacker News22 小时
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets.
The Hacker News5 天
Pentesters: Is AI Coming for Your Role?
AI is reshaping pentesting by automating tasks, enhancing efficiency, and empowering testers—without replacing them ...
The Hacker News3 天
Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking ...
Microsoft warns of a phishing campaign using ClickFix to spread malware via fake Booking.com emails. Attackers exploit fake ...
The Hacker News5 天
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
A critical FreeType vulnerability (CVE-2025-27363) with a CVSS 8.1 score may be actively exploited—update to 2.13.3 now for ...
The Hacker News4 天
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
(CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.