Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara

The Hacker News
Open in Source
#vulnerability#web#mac#windows#microsoft#intel#backdoor#zero_day#The Hacker News
GHSA-jcrr-rr6w-8c83: free5GC AMF denial of service vulnerability

An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message.

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine," cybersecurity firm Deep Instinct said in a Thursday analysis. UAC-0099 was first

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector

Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. "

BidenCash Market Leaks 1.6 Million Credit Card Details

By Waqas BidenCash is recognized as a hub for stolen payment card data, operating both on the dark web and the clear net. This is a post from HackRead.com Read the original post: BidenCash Market Leaks 1.6 Million Credit Card Details

GHSA-6ggr-cwv4-g7qg: Remotely exploitable denial of service in Rosenpass

Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to decode the message.

Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed

Xfinity has notified customers that due to exploitation of the Citrix Bleed vulnerability, attackers were able to access personal data of almost 36 million customers.

How does ThreatDown Vulnerability Assessment and Patch Management work?

Dive into the inner workings of ThreatDown Vulnerability Assessment and Patch Management

How Outlook notification sounds can lead to zero-click exploits

A researcher found two Microsoft vulnerabilities which could be combined to achieve zero-click remote code execution.

Update Chrome now! Emergency update patches zero-day

Google has issued an emergency update for Chrome that fixes an actively exploited zero-day vulnerability in the WebRTC component.