Security
Headlines
HeadlinesLatestCVEs

Latest News

UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the

The Hacker News
#perl#The Hacker News
India Sees Surge in API Attacks, Especially in Banking, Utilities

The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.

Biggest Crypto Scam Tactics in 2024 and How to Avoid Them

Stay alert to crypto scams with our guide to 2024’s top threats, including phishing, malware, Ponzi schemes, and…

GHSA-w32m-9786-jp63: Non-linear parsing of case-insensitive content in golang.org/x/net/html

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

GHSA-j2v2-3784-vr44: Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xrh7-2gfq-4rcq. This link is maintained to preserve external references. ## Original Description OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.

Interpol: Can We Drop the Term 'Pig Butchering'?

The agency asks the cybersecurity community to adopt "romance baiting" in place of dehumanizing language.

Congress Again Fails to Limit Scope of Spy Powers in New Defense Bill

The National Defense Authorization Act passed today, but lawmakers stripped language that would keep the Trump administration from wielding unprecedented authority to surveil Americans.

Recorded Future: Russia's 'Undesirable' Designation Is a Compliment

The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin's regime.

FBI Warns of HiatusRAT Malware Targeting Webcams and DVRs

KEY SUMMARY POINTS The FBI has issued a Private Industry Notification (PIN) to highlight new malware campaigns targeting…

FBI Warns of HiatusRAT Malware Targeting Webcams and DVRs

KEY SUMMARY POINTS The FBI has issued a Private Industry Notification (PIN) to highlight new malware campaigns targeting…