Tag: hacker
-
Mit Sicherheitslücken in Autos: Pwn2Own-Hacker gewinnen 1.047.000 US-Dollar
Bei der Pwn2Own Automotive in Tokio wurden mit 76 verschiedenen Zero-Day-Lücken mehrere E-Auto-Lader und Infotainmentsysteme gehackt. First seen on golem.de Jump to article: www.golem.de/news/mit-sicherheitsluecken-in-autos-pwn2own-hacker-gewinnen-1-047-000-us-dollar-2601-204542.html
-
Keine Malware nötig: Hacker tricksen Googles Gemini mit einem Kalendereintrag aus
First seen on t3n.de Jump to article: t3n.de/news/keine-malware-noetig-hacker-tricksen-googles-gemini-mit-einem-kalendereintrag-aus-1726136/
-
Hacker who stole 120,000 bitcoins wants a second chance”, and a security job
Crypto theft was “the worst thing I had ever done.” First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/01/hacker-who-stole-120000-bitcoins-wants-a-second-chance-and-a-security-job/
-
Breach Roundup: DOGE Uploaded Social Security Data to Cloud
Also, CIRO Phishing Breach, Ingram Micro Ransomware and CVE Surge. This week, DOGE posted sensitive data on an outside server. A phishing attack affected 750,000 Canadians. A hacktivism warning from the U.K. NCSC. An Ingram Micro breach. CVEs surged in 2025. SK Telecom challenged a fine. Researchers disclosed Chainlit flaws. North Korean hackers abused VS…
-
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Hackers began exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/smartermail-auth-bypass-flaw-now-exploited-to-hijack-admin-accounts/
-
Hackers Are Using LinkedIn DMs and PDF Tools to Deploy Trojans
That LinkedIn message pretending to be job offer could just be malwre. First seen on hackread.com Jump to article: hackread.com/hackers-linkedin-dms-pdf-tools-trojan/
-
Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages
Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers. This represents a fundamental erosion of trust signals that Linux users previously…
-
Critical Chainlit AI Flaws Let Hackers Seize Control Of Cloud Environments
Tags: ai, api, cloud, control, credentials, cve, cyber, flaw, framework, hacker, Internet, open-source, pypi, vulnerabilityZafran Labs uncovered two critical vulnerabilities in Chainlit, a popular open-source framework for building conversational AI apps. Chainlit powers internet-facing AI systems in enterprises across industries, averaging 700,000 PyPI downloads monthly. The flaws CVE-2026-22218 (arbitrary file read) and CVE-2026-22219 (SSRF) enable attackers to steal API keys, sensitive files, and cloud credentials without user interaction. Zafran…
-
Hacker legen Websites von Conceptnet-Kunden lahm
Der Regensburger IT-Dienstleister Conceptnet wurde Opfer einer Ransomware-Attacke.Der Regensburger IT-Dienstleister Conceptnet informiert derzeit auf seiner Internetseite über eine technische Störung, die durch einen Ransomware-Angriff verursacht wurde. Berichten zufolge haben sich die Täter um den 13. Januar 2026 Zugriff auf die IT-Infrastruktur des Unternehmens verschafft. ‘Dabei wurden zentrale Systeme darunter Web- und E-Mail-Server verschlüsselt”, erklärt das…
-
Hackers exploit 29 zero-days on second day of Pwn2Own Automotive
Hackers collect $439,250 after exploiting 29 zero-day vulnerabilities on the second day of Pwn2Own Automotive 2026. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-29-zero-day-vulnerabilities-on-second-day-of-pwn2own-automotive/
-
Dringend patchen: Hacker attackieren Cisco-Tools über Zero-Day-Lücke
Admins sollten zügig handeln. In mehreren Cisco-Produkten klafft eine gefährliche Sicherheitslücke. Erste Attacken wurden bereits beobachtet. First seen on golem.de Jump to article: www.golem.de/news/unified-cm-und-mehr-hacker-attackieren-cisco-systeme-ueber-zero-day-luecke-2601-204499.html
-
Hackers breach Fortinet FortiGate devices, steal firewall configs
Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-breach-fortinet-fortigate-devices-steal-firewall-configs/
-
Unified CM und mehr: Hacker attackieren Cisco-Systeme über Zero-Day-Lücke
Admins sollten zügig handeln. In mehreren Cisco-Produkten klafft eine gefährliche Sicherheitslücke. Erste Attacken wurden bereits beobachtet. First seen on golem.de Jump to article: www.golem.de/news/unified-cm-und-mehr-hacker-attackieren-cisco-systeme-ueber-zero-day-luecke-2601-204499.html
-
Pwn2Own Automotive: Hacker hacken Tesla, EV-Lader und mehr
Tags: hackerTeilnehmer der Pwn2Own Automotive in Tokio haben an nur einem Tag über 500.000 US-Dollar gewonnen. Geknackt wurden Systeme von Tesla, Autel, Sony und mehr. First seen on golem.de Jump to article: www.golem.de/news/pwn2own-automotive-hacker-hacken-ev-lader-und-infotainmentsysteme-2601-204486.html
-
Attacks Target Freshly Patched, Critical Fortinet Flaws
Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM Appliances. Critical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately, this includes a critical vulnerability in Fortinet’s FortiSIEM appliances, which Chinese and other hackers began targeting just two days post-patch. First seen on govinfosecurity.com Jump…
-
Attacks Target Freshly Patched, Critical Fortinet Flaws
Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM Appliances. Critical vulnerabilities in edge devices are continuing to be discovered by security researchers and rapidly targeted by attackers. Lately, this includes a critical vulnerability in Fortinet’s FortiSIEM appliances, which Chinese and other hackers began targeting just two days post-patch. First seen on govinfosecurity.com Jump…
-
‘Damn Vulnerable’ Training Apps Leave Vendors’ Clouds Exposed
Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/vulnerable-vendors-training-apps
-
Hackers exploit security testing apps to breach Fortune 500 firms
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/
-
Hackers Weaponize 2,500+ Security Tools to Disable Endpoint Defenses Before Ransomware Attacks
A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers are abusing truesight.sys, a kernel-mode driver from Adlice Software’s RogueKiller antivirus suite. The legacy version 2.0.2 contains a critical vulnerability allowing arbitrary process termination via IOCTL command 0x22E044. This enables…
-
Hacker erbeuten rund 42.000 Datensätze von Ingram Micro
Bei Ingram Micro wurden rund 42.000 Datensätze mit sensiblen Informationen von Mitarbeitern gestohlen.Im Juli 2025 sorgte ein Ransomware-Angriff für verheerende Folgen bei Ingram Micro: Die Logistik des IT-Distributors wurde eine Woche lahmgelegt davon betroffen war nicht nur der Hauptsitz in den USA, sondern auch der Standort in Deutschland.Nun hat sich herausgestellt, dass dabei auch sensible…
-
Hackers Exploit Visual Studio Code to Deploy Malicious Payloads on Victim Systems
The attack arsenal by extensively abusing Microsoft Visual Studio Code configuration files to deliver and execute malicious payloads on compromised systems. This evolution in the Contagious Interview campaign represents a sophisticated shift toward weaponizing legitimate developer tools. The infection chain begins when victims clone and open malicious Git repositories hosted on GitHub or GitLab, typically…
-
Curl shutters bug bounty program to remove incentive for submitting AI slop
Maintainer hopes hackers send bug reports anyway, will keep shaming ‘silly ones’ First seen on theregister.com Jump to article: www.theregister.com/2026/01/21/curl_ends_bug_bounty/
-
ACF plugin bug gives hackers admin on 50,000 WordPress sites
A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/acf-plugin-bug-gives-hackers-admin-on-50-000-wordpress-sites/
-
ClickFix to CrashFix: KongTuke Used Fake Chrome Ad Blocker to Install ModeloRAT
Huntress discovers ‘CrashFix,’ a new attack by KongTuke hacker group using fake ad blockers to crash browsers and trick office workers into installing ModeloRAT malware. First seen on hackread.com Jump to article: hackread.com/clickfix-crashfix-kongtuke-fake-chrome-ad-blocker-modelorat/
-
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints.The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said.”This activity involved…
-
Hackers target Afghan government workers with fake correspondence from senior officials
Hackers are targeting Afghan government employees with phishing emails disguised as official correspondence from the office of the country’s prime minister, researchers found. First seen on therecord.media Jump to article: therecord.media/hackers-target-afghan-workers
-
50 Unternehmen gehackt: Hacker soll Malware an das FBI verkauft haben
Ein 40-jähriger Mann aus Jordanien hat unter anderem mit Malware gehandelt. Nachdem das FBI ihn überführt hat, drohen ihm nun bis zu zehn Jahre Haft. First seen on golem.de Jump to article: www.golem.de/news/haftstrafe-droht-50-firmen-gehackt-und-malware-an-das-fbi-verkauft-2601-204410.html
-
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Tags: access, cybersecurity, exploit, hacker, linkedin, malicious, malware, open-source, phishing, ratCybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT).The activity delivers “weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script,” ReliaQuest said in a report shared with First…
-
Hacking Challenge 2026 – Junge Hacker stellen sich böser KI
First seen on security-insider.de Jump to article: www.security-insider.de/hacking-challenge-2026-th-augsburg-it-security-a-7a1a24ae06609f84f7a075a35152213d/