Security
Headlines
HeadlinesLatestCVEs

Latest News

U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions. "These

The Hacker News
Open in Source
#The Hacker News
Researchers Warn of NTLMv1 Bypass in Active Directory Policy

Silverfort has discovered that a misconfiguration can bypass an Active Directory Group Policy designed to disable NTLMv1, allowing…

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an immediate suspension of such transfers, stating the companies in question cannot shield user data

Russian APT Phishes Kazakh Gov't for Strategic Intel

A highly targeted cyber-intelligence campaign adds fuel to the increasingly complex relationship between the two former Soviet states.

GHSA-8vq4-8hfp-29xh: Eugeny Tabby Sends Password Despite Host Key Verification Failure

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails.

Hackers Likely Stole FBI Call Logs From AT&T That Could Compromise Informants

A breach of AT&T that exposed “nearly all” of the company’s customers may have included records related to confidential FBI sources, potentially explaining the bureau’s new embrace of end-to-end encryption.

Passwords: a thin line between love and hate

Unless you have been gifted with a photographic memory, this is likely going to sound very familiar. Picture it: You’re away from your desk and you need to access one of your apps from your phone. You attempt to sign in and get the dreaded message: “the username and password entered do not match our records.” Thus begins the time-consuming process of requesting a password reset, including coming up with a new password that doesn’t match something you’ve already used in the past. Despite the frustration you feel, passwords have been the cornerstone of keeping our online data secure fo

Biden's Cybersecurity EO Leaves Trump a Comprehensive Blueprint for Defense

New order mandates securing the federal software supply chain and communications networks, as well as deploying AI tools to protect critical infrastructure from cyberattacks — but will the Trump administration follow through?

GHSA-4ff6-858j-r822: Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation

### Impact Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. ### Patches c4f1e01eab0dd435709ad15463ed38a079ad6128 fixes this issue. ### Workarounds Use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access. ### References N/A