Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Report: The Dark Side of Phishing Protection

The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector. A new report by LayerX explores the state of

The Hacker News
Open in Source
#web#The Hacker News
New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle (AitM) phishing, "uses Cloudflare Workers to act as a reverse proxy server for a

Data Leak Exposes 500GB of Indian Police, Military Biometric Data

By Waqas The records belonged to two separate India-based firms, ThoughtGreen Technologies and Timing Technologies. Both provide application development, RFID technology, and biometric verification services. This is a post from HackRead.com Read the original post: Data Leak Exposes 500GB of Indian Police, Military Biometric Data

Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’

Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel computers.

How to Recover Deleted Emails from Exchange Server?

By Waqas Accidentally deleted emails? Don’t panic! This guide explains how to recover them from Exchange Server within the retention… This is a post from HackRead.com Read the original post: How to Recover Deleted Emails from Exchange Server?

Top Cloud Services Used for Malicious Website Redirects in SMS Scams

By Deeba Ahmed Fake Cloud, Real Theft! This is a post from HackRead.com Read the original post: Top Cloud Services Used for Malicious Website Redirects in SMS Scams

4BRO Insecure Direct Object Reference / API Information Exposure

4BRO versions prior to 2024-04-17 suffer from insecure direct object reference and API information disclosure vulnerabilities.

Debian Security Advisory 5695-1

Debian Linux Security Advisory 5695-1 - Manfred Paul discovered that an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication in the WebKitGTK web engine.

Fake Antivirus Websites Deliver Malware to Android and Windows Devices

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices

How Do Hackers Blend In So Well? Learn Their Tricks in This Expert Webinar

Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar "Navigating the SMB Threat Landscape: Key Insights from Huntress' Threat Report," in which Jamie Levy — Director of Adversary Tactics at Huntress, a renowned