Tag: hacker
-
FIFA schrammt knapp an schwerem IT-Sicherheitsvorfall vorbei
…wäre da nicht die Hartnäckigkeit eines ethischen Hackers in Japan gewesen. Die FIFA hat sich mit einer schwerwiegenden Sicherheitslücke, über die Bobdahacker gestern berichtete, beinahe ein Eigentor geschossen. Der japanische Hacker fand heraus, dass sich jedermann einfach mit einem Ausweis auf der offiziellen FIFA-Agentenplattform registrieren konnte. Durch eine fehlerhafte clientseitige Rollenprüfung im Backend konnte… First…
-
FIFA Bug Exposes World Cup Streams to Remote Takeover
A hacker could have Rickrolled the World Cup, or worse, thanks to FIFA’s unenforced Entra access controls. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/fifa-bug-world-cup-streams-remote-takeover
-
FIFA Bug Exposed World Cup Streams to Remote Takeover
A hacker could have Rickrolled the World Cup, or worse, thanks to FIFA’s unenforced Entra access controls. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/fifa-bug-world-cup-streams-remote-takeover
-
Hostile states launched nearly 200 attacks on UK infrastructure in 12 months, says NCSC chief
Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644872/Hostile-states-launched-200-attacks-on-UK-infrastructure-in-five-months-says-NCSC-chief
-
Texas government data breach allowed hackers to steal 3 million driver’s licenses and passports
A data breach involving government-issued ID documents affects over three million people in Texas. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/18/texas-government-data-breach-allowed-hackers-to-steal-3-million-drivers-licenses-and-passports/
-
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure.According to findings from Broadcom-owned Symantec and Carbon Black, the backdoor was deployed against a major U.S. services firm. The name of the company was First…
-
Malware attacks strip Roblox developers of entire games
Hackers who once focused on stealing valuable Roblox items are now taking over entire games. Although Roblox operates the service, users can create and publish their own games … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/18/roblox-game-takeover-malware-attacks/
-
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users’ conversations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-fixes-beats-studio-buds-flaw-that-let-hackers-spy-on-conversations/
-
Cybercriminals Are Worried About AI Taking Their Jobs Too
Analysis of chatter on underground forums by Sophos finds that hackers fear AI could take work away from them First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybercriminals-worried-ai-take/
-
Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data
Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, including API keys and authentication tokens. The vulnerability, tracked as CVE-2026-4020 with a CVSS score of 5.3, affects all versions up to and including 2.1.4 and exposes more than 100,000 websites to potential…
-
Financially Motivated Hackers Turn Legitimate IT Tools Into Remote Access Payloads
A novel evolution of LLMjacking: a threat actor leveraging a publicly exposed Ollama model server as the reasoning engine for an automated, multi-stage offensive framework. Rather than using the model for chat or resale, the attacker integrated unauthenticated model inference into a VAPT-style pipeline that scans targets, maps vulnerabilities, synthesizes proof-of-concept exploits, and attempts command…
-
Financially Motivated Hackers Turn Legitimate IT Tools Into Remote Access Payloads
A novel evolution of LLMjacking: a threat actor leveraging a publicly exposed Ollama model server as the reasoning engine for an automated, multi-stage offensive framework. Rather than using the model for chat or resale, the attacker integrated unauthenticated model inference into a VAPT-style pipeline that scans targets, maps vulnerabilities, synthesizes proof-of-concept exploits, and attempts command…
-
Riesige Angriffswelle: Hacker knacken Admin-Passwörter von 74.000 Firewalls
Angreifer attackieren massenhaft Firewalls des Herstellers Fortinet. Sie sollen bereits Admin-Zugangsdaten für 74.000 Geräte erbeutet haben. First seen on golem.de Jump to article: www.golem.de/news/riesige-angriffswelle-hacker-knacken-admin-passwoerter-von-74-000-firewalls-2606-209916.html
-
Gefälschter Microsoft-Sicherheitsalarm: Nordkoreanische Hacker nutzen NarwhalRAT
Die Hackergruppe ScarCruft nutzt gefälschte Microsoft-Sicherheitsalarme, um die neue, im Arbeitsspeicher agierende Schadsoftware NarwhalRAT zu verbreiten. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/narwhalrat-hacker
-
Urlaubs-Phishing: Wenn Cyberkriminelle Ihre Reisedaten kennen
Gezieltes Urlaubs-Phishing mit neuer Qualität Zutreffende persönliche Reisedaten erhöhen die Glaubwürdigkeit von WhatsApp-Phishing-Kampagnen. Hacker schalten sich in Booking.com-interne Kommunikation ein, um Daten zu erbeuten. Reisedaten von Anwendern sind lohnende Informationen für Cyberkriminelle. Bereits mit jeder Vorurlaubssaison starten Phishing-Kriminelle ihre Angriffe auf erholungssuchende und urlaubsplanende Verbraucher. Die Bitdefender Labs erkennen in ihrer aktuellen Analyse……
-
Heart Monitoring Firm Tells SEC Hackers Stole Sensitive Data
iRhythm: Patient Information and ‘Proprietary’ Data Breached, Held for Ransom. Cardiac monitoring firm iRhythm Technologies has told the U.S. Securities and Exchange Commission that hackers recently stole proprietary data and patient health information from certain third-party-hosted business applications, and demanded a ransom. The company did not disclose whether it paid. First seen on govinfosecurity.com Jump…
-
Hostile states launched nearly 200 attacks on UK infrastructure in five months, says NCSC chief
Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644872/Hostile-states-launched-200-attacks-on-UK-infrastructure-in-five-months-says-NCSC-chief
-
Hostile states launched nearly 200 attacks on UK infrastructure in five months, says NCSC chief
Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644872/Hostile-states-launched-200-attacks-on-UK-infrastructure-in-five-months-says-NCSC-chief
-
Ozempic Maker Novo Nordisk Confirms Security Incident After $25M Hacker Demand
Hackers claim they stole 1.3TB of Novo Nordisk data, including clinical trial and AI model information, after issuing a $25 million demand. The post Ozempic Maker Novo Nordisk Confirms Security Incident After $25M Hacker Demand appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-novo-nordisk-1-3tb-theft-25m-demand-emea/
-
Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data
A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitive data and establish command-and-control (C2) channels directly within the database engine, significantly expanding the post-exploitation attack surface. Security researcher Justin Kalnasy of SpecterOps demonstrated that newly introduced AI-focused features, intended to support…
-
Über 400 ArchPakete im AUR manipuliert
Hacker haben über 400 Community-Pakete im Arch User Repository manipuliert, um Passwörter zu stehlen und ein eBPF-Rootkit zu installieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linux-pakete-manipuliert
-
Über 400 ArchPakete im AUR manipuliert
Hacker haben über 400 Community-Pakete im Arch User Repository manipuliert, um Passwörter zu stehlen und ein eBPF-Rootkit zu installieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linux-pakete-manipuliert
-
Hostile states launched 200 attacks on UK infrastructure in five months, says NCSC chief
Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644872/Hostile-states-launched-200-attacks-on-UK-infrastructure-in-five-months-says-NCSC-chief
-
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials.Ordinary stuff, until one move near the end.Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s machine, building a way back in that did not run through the C2 at all. When…
-
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials.Ordinary stuff, until one move near the end.Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s machine, building a way back in that did not run through the C2 at all. When…
-
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials.Ordinary stuff, until one move near the end.Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s machine, building a way back in that did not run through the C2 at all. When…
-
Hackers Target npm Ecosystem by Compromising 140+ Mastra Packages
A large-scale software supply chain attack has compromised more than 140 npm packages under the widely used Mastra namespace, exposing developers, CI/CD pipelines, and enterprise environments to a stealthy cross-platform infostealer. The campaign, uncovered by the Socket Research Team on June 17, 2026, leveraged a typosquatting dependency, easy-day-js, to silently deliver malicious payloads during package…
-
Hackers Target npm Ecosystem by Compromising 140+ Mastra Packages
A large-scale software supply chain attack has compromised more than 140 npm packages under the widely used Mastra namespace, exposing developers, CI/CD pipelines, and enterprise environments to a stealthy cross-platform infostealer. The campaign, uncovered by the Socket Research Team on June 17, 2026, leveraged a typosquatting dependency, easy-day-js, to silently deliver malicious payloads during package…
-
15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys
Hackers are using 15 malicious JetBrains plugins posing as AI coding assistants to steal DeepSeek, OpenAI, and other developer API keys. First seen on hackread.com Jump to article: hackread.com/malicious-jetbrains-plugins-steal-deepseek-openai-api-keys/