[email protected] The Hacker News

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

[email protected] The Hacker News March 24, 2025

Mar 24, 2025Ravie LakshmananVulnerability / Web Security A critical security flaw has been disclosed in the Next.js...

GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets

GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets

[email protected] The Hacker News March 23, 2025

The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of...

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

[email protected] The Hacker News March 22, 2025

Mar 22, 2025Ravie LakshmananFinancial Security / Cryptocurrency The U.S. Treasury Department has announced that it’s removing sanctions...

UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools

UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools

[email protected] The Hacker News March 21, 2025

Mar 21, 2025Ravie LakshmananThreat Hunting / Vulnerability Threat hunters have uncovered a new threat actor named UAT-5918...

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

[email protected] The Hacker News March 21, 2025

Mar 21, 2025Ravie LakshmananRansomware / BYOVD The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been...

10 Critical Network Pentest Findings IT Teams Overlook

10 Critical Network Pentest Findings IT Teams Overlook

[email protected] The Hacker News March 21, 2025

Mar 21, 2025The Hacker NewsNetwork Security / Vulnerability After conducting over 10,000 automated internal network penetration tests...

China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families

China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families

[email protected] The Hacker News March 21, 2025

Mar 21, 2025Ravie LakshmananCybercrime / Cyber Espionage The China-linked advanced persistent threat (APT) group. known as Aquatic...

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

[email protected] The Hacker News March 21, 2025

Mar 21, 2025Ravie LakshmananMalware / Cyber Attack Two known threat activity clusters codenamed Head Mare and Twelve...

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

[email protected] The Hacker News March 21, 2025

Mar 21, 2025Ravie LakshmananCyber Attack / Vulnerability Two now-patched security flaws impacting Cisco Smart Licensing Utility are...

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

[email protected] The Hacker News March 20, 2025

Mar 20, 2025Ravie LakshmananMalware / Threat Analysis YouTube videos promoting game cheats are being used to deliver...