Tag: hacker
-
Nation-State Hackers Play the Vibes
Who Knew APT Hackers Liked Emojis So Much?. All the nation-state hackers are vibe coding. Vibeware won’t win any coding awards. It’s not pretty. It doesn’t target any zero-day vulnerabilities or known flaws in innovative new ways – but it does allow polyglot malware to be generated at scale. First seen on govinfosecurity.com Jump to…
-
Analyse von Palo Alto – Hacker erstellen Phishing-Seiten mit LLMs in Echtzeit
First seen on security-insider.de Jump to article: www.security-insider.de/ki-phishing-llm-javascript-im-browser-palo-alto-networks-a-7f2c070feb5687a9b52f9c3c76177df0/
-
Lazarus-Gruppe auf Blockchain-Beutezug Wie Hacker Whitelists als Zielscheiben missbrauchen
Check Point Software Technologies warnt vor einem gefährlichen Sicherheitsirrtum im Umgang mit digitalen Vermögenswerten auf öffentlichen Blockchains. Am Beispiel der nordkoreanischen Hacker ‘Lazarus Group>> zeigt Check Point auf, dass Whitelists Angreifern als Orientierung dienen, um zu erkennen, welche Dienstleister, Gegenparteien oder Infrastrukturkomponenten kompromittiert werden müssen, um an die Assets zu gelangen. In nur sieben Monaten…
-
LeakBase Cybercrime and Hacker Forum Seized
Europol seizes LeakBase cybercrime and hacker forum used to trade stolen data, disrupting a global platform with over 140,000 members. First seen on hackread.com Jump to article: hackread.com/leakbase-cybercrime-hacker-forum-seized/
-
LatAm Now Faces 2x More Cyberattacks Than US
Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/latam-2x-more-cyberattacks-us
-
Operational Technology (OT) penetration testing: Defining, Process and Tools
Operational penetration testing is a process of simulating real-world attacks on OT systems to identify vulnerabilities before cybercriminals can exploit them, either physically or remotely. OT penetration testing is a proactive approach to identifying vulnerabilities in OT systems before adversaries exploit them. OT penetration testing is performed by penetration testers, ethical hackers, and industrial cybersecurity……
-
DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks
Suspected DPRK-linked threat actors have been observed compromising cryptocurrency firms through a coordinated campaign that blends web-app exploitation, cloud abuse, and secrets theft to position for large”‘scale digital asset theft. The intrusions show a full kill chain from initial access via the React2Shell vulnerability (CVE”‘2025″‘55182) to deep AWS and Kubernetes reconnaissance and exfiltration of proprietary…
-
Von Ethical Hacker erpresst? – Ungeschützte Datenbank legt eine Milliarde Kundendaten offen
First seen on security-insider.de Jump to article: www.security-insider.de/datenleck-milliarden-sensible-daten-enthuellt-a-d866daf68c3c4d3fcb3df0e8e9bc7f61/
-
Von Ethical Hacker erpresst? – Ungeschützte Datenbank legt eine Milliarde Kundendaten offen
First seen on security-insider.de Jump to article: www.security-insider.de/datenleck-milliarden-sensible-daten-enthuellt-a-d866daf68c3c4d3fcb3df0e8e9bc7f61/
-
State-affiliated hackers set up for critical OT attacks that operators may not detect
Tags: access, antivirus, attack, conference, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, firmware, fortinet, group, hacker, incident response, infrastructure, Internet, Intruder, lessons-learned, malware, mfa, monitoring, network, password, penetration-testing, phishing, regulation, russia, service, spear-phishing, supply-chain, threat, tool, ukraine, update, vulnerabilityRussia’s OT attack teams expand beyond Ukraine: The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and is responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets.Kamacite, which serves as…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
State-affiliated hackers set up for critical OT attacks that operators may not detect
Tags: access, antivirus, attack, conference, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, firmware, fortinet, group, hacker, incident response, infrastructure, Internet, Intruder, lessons-learned, malware, mfa, monitoring, network, password, penetration-testing, phishing, regulation, russia, service, spear-phishing, supply-chain, threat, tool, ukraine, update, vulnerabilityRussia’s OT attack teams expand beyond Ukraine: The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and is responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets.Kamacite, which serves as…
-
CVSS-Score 10.0 – Hacker können WhatsApp-Sitzungen von Nanobot-Nutzern übernehmen
First seen on security-insider.de Jump to article: www.security-insider.de/nanobot-whatsapp-bridge-cve-2026-2577-session-uebernahme-a-f21834258a7b68c129e5bd26382fe277/
-
Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware
A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks First seen on hackread.com Jump to article: hackread.com/fake-zoom-teams-invites-malware-certificates/
-
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mail2shell-zero-click-attack-lets-hackers-hijack-freescout-mail-servers/
-
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-mass-mails-hungerrush-extortion-emails-to-restaurant-patrons/
-
Iran-nexus hackers target flaws in surveillance cameras
The threat activity echoes prior exploitation during the Israeli war with Hamas, a precursor to attacks against critical sectors in the U.S. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-hackers-target-flaws-ip-cameras/813795/
-
The CTEM Divide: Why 84% of Security Programs Are Falling Behind
Originally published on the Hacker News here. A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-ctem-divide-why-84-of-security-programs-are-falling-behind/
-
Securing Microsoft 365: A Live Breakdown of Modern Attack Paths
An OnDemand Webinar with former NSA operative Kyle Hanslovan. Watch how hackers steal credentials, bypass Microsoft 365 MFA, and completely wreck enterprise systems in under 10 minutes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-microsoft-365-live-breakdown-modern-attack-paths-a-30901
-
Securing Microsoft 365: A Live Breakdown of Modern Attack Paths
An OnDemand Webinar with former NSA operative Kyle Hanslovan. Watch how hackers steal credentials, bypass Microsoft 365 MFA, and completely wreck enterprise systems in under 10 minutes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-microsoft-365-live-breakdown-modern-attack-paths-a-30901
-
Securing Microsoft 365: A Live Breakdown of Modern Attack Paths
An OnDemand Webinar with former NSA operative Kyle Hanslovan. Watch how hackers steal credentials, bypass Microsoft 365 MFA, and completely wreck enterprise systems in under 10 minutes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-microsoft-365-live-breakdown-modern-attack-paths-a-30901
-
Russian hackers deploy new malware in phishing campaign targeting Ukraine
Researchers have identified a suspected Russian espionage campaign targeting Ukraine that uses two previously undocumented malware strains. First seen on therecord.media Jump to article: therecord.media/russian-ukraine-hackers-malware
-
Surge in Attacks on Surveillance Cameras Linked to Iranian Hackers
Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-attacks-surveillance-cameras/
-
Exploit-Kit Coruna: iPhone-Nutzer mit bis zu 23 iOS-Exploits attackiert
Russische und chinesische Hacker sind offenbar an alte iOS-Exploits der US-Regierung gelangt und greifen damit massenhaft iPhone-Nutzer an. First seen on golem.de Jump to article: www.golem.de/news/exploit-kit-coruna-massig-iphone-nutzer-mit-bis-zu-23-ios-exploits-attackiert-2603-206074.html
-
Datenpanne bei Entwicklerstudio: Hacker erbeutet Daten von Star-Citizen-Spielern
Ein Angreifer hatte Zugriff auf Systeme des Star-Citizen-Entwicklers Cloud Imperium Games und konnte unter anderem Spielerdaten abgreifen. First seen on golem.de Jump to article: www.golem.de/news/cloud-imperium-games-hacker-erbeutet-daten-von-star-citizen-spielern-2603-206066.html
-
Exploit-Kit Coruna: Massig iPhone-Nutzer mit bis zu 23 iOS-Exploits attackiert
Russische und chinesische Hacker sind offenbar an alte iOS-Exploits der US-Regierung gelangt und greifen damit massenhaft iPhone-Nutzer an. First seen on golem.de Jump to article: www.golem.de/news/exploit-kit-coruna-massig-iphone-nutzer-mit-bis-zu-23-ios-exploits-attackiert-2603-206074.html
-
Cloud Imperium Games: Hacker erbeutet Daten von Star-Citizen-Spielern
Ein Angreifer hatte Zugriff auf Systeme des Star-Citizen-Entwicklers Cloud Imperium Games und konnte unter anderem Spielerdaten abgreifen. First seen on golem.de Jump to article: www.golem.de/news/cloud-imperium-games-hacker-erbeutet-daten-von-star-citizen-spielern-2603-206066.html
-
AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning
100-plus prebuilt tool recipes and a human-readable YAML-based extension system;Attack-chain graph, risk scoring, and “step-by-step replay”;Password-protected web user interfaces (UIs) and audit logs;A knowledge base with vector search, hybrid retrieval, and searchable archives;Vulnerability management with create, read, update, delete (CRUD) operations, severity tracking, status workflow, and statistics;Batch task management that can organize task queues and…