menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Hacking News

Hacking News

source image

Securityaffairs

1h

read

58

img
dot

Image Credit: Securityaffairs

CISA warns of RESURGE malware exploiting Ivanti flaw

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances.
  • RESURGE malware exploits the CVE-2025-0282 flaw in Ivanti Connect Secure appliances and has been used in attacks.
  • The malware creates web shells, bypasses integrity checks, and facilitates credential harvesting and privilege escalation.
  • CISA provides details about the malicious Linux shared object file 'libdsupgrade.so' and the log-tampering variant of 'SPAWNSLOTH' associated with the RESURGE malware.

Read Full Article

like

3 Likes

share

Share

source image

Hackingblogs

10h

read

253

img
dot

Image Credit: Hackingblogs

Vroom Leaked 30000+ Australians Bank Detail Are Exposed And ID’S Leaked

  • Australia's car loan marketplace Vroom by YouX experienced a security breach in which 27,000 driver's licenses, Medicare cards, and partial credit card information were made public.
  • The breach involved a non-password-protected Amazon S3 database that contained personal information such as bank statements, employment data, and Medicaid cards.
  • The exposed data poses risks of identity theft and fraud, and cybercriminals could potentially use the information for phishing scams or creating fake accounts.
  • To prevent similar incidents, cybersecurity researcher Jeremiah Fowler suggests implementing data minimization policies, active monitoring, and anomaly detection systems.

Read Full Article

like

15 Likes

share

3 Shares

source image

Securityaffairs

11h

read

126

img
dot

Image Credit: Securityaffairs

Sam’s Club Investigates Alleged Cl0p Ransomware Breach

  • Sam's Club, a Walmart-owned membership warehouse club chain, is investigating the alleged Cl0p ransomware security breach.
  • The Cl0p ransomware group listed Sam's Club among its victims, accusing the company of ignoring security.
  • Sam's Club announced that it is actively investigating the matter, but has seen no evidence of a breach.
  • In December 2024, the Cl0p ransomware group claimed to have breached multiple companies through the Cleo file transfer software vulnerability.

Read Full Article

like

7 Likes

share

1 Share

source image

Hackersking

18h

read

82

img
dot

Image Credit: Hackersking

How To Use Remote Access Trojan AndroRAT | All Errors Solved

  • AndroRAT is a free software that allows remote control of Android devices.
  • It can be used responsibly in penetration testing.
  • Before using AndroRAT, you need a computer running Windows or Linux, JDK, and a port forwarding service.
  • AndroRAT can be used to generate a malicious APK, gain remote access, and perform various actions on the target device.

Read Full Article

like

4 Likes

share

1 Share

source image

Securityaffairs

1d

read

319

img
dot

Image Credit: Securityaffairs

FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme

  • The U.S. DOJ seized over $8.2 million in USDT stolen through ‘romance baiting’ scams.
  • Fraudsters tricked victims into fake investments promising high returns.
  • The FBI used blockchain intelligence to trace the flow of funds through various platforms and networks.
  • The seizure provides restitution for victims as the FBI traces additional addresses.

Read Full Article

like

19 Likes

share

4 Shares

source image

Securityaffairs

1d

read

327

img
dot

Image Credit: Securityaffairs

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

  • The new Android trojan Crocodilus exploits accessibility features and targets users in Spain and Turkey.
  • Crocodilus uses overlay attacks, keylogging, and remote access to steal banking and crypto credentials.
  • The trojan supports advanced keylogger capabilities and a wide range of bot and RAT commands.
  • Crocodilus is linked to the threat actor 'sybra' and poses a significant threat to banks and cryptocurrency wallets.

Read Full Article

like

19 Likes

share

4 Shares

source image

Medium

1d

read

265

img
dot

Image Credit: Medium

The Dark Truth About Instagram: Why You Need to Make Your Account Hacking-Proof

  • Being a content creator on Instagram comes with the risk of having your account hacked, and recovery is difficult.
  • To make your Instagram account hacking-proof, using an Authenticator App for 2FA is recommended.
  • Additionally, it is essential to avoid logging into Instagram from unofficial apps or sketchy websites
  • Regular security checkups, using unique and complex passwords, and being cautious of phishing emails are also important preventive measures.

Read Full Article

like

15 Likes

share

3 Shares

source image

Securityaffairs

2d

read

277

img
dot

Image Credit: Securityaffairs

Crooks are reviving the Grandoreiro banking trojan

  • Crooks are reviving the Grandoreiro banking trojan.
  • Grandoreiro is a modular backdoor with various capabilities including keylogging, command execution, and web-injects.
  • The trojan has been active since 2016 and initially targeted Brazil but expanded to Mexico, Portugal, and Spain.
  • The recent phishing campaigns use VPS hosting, obfuscation, and malicious ZIP files to evade detection and steal credentials.

Read Full Article

like

16 Likes

share

3 Shares

source image

Idownloadblog

2d

read

341

img
dot

Image Credit: Idownloadblog

Ian Beer publishes in-depth analysis of BLASTPASS zero-click iMessage exploit from 2023

  • Google Project Zero researcher Ian Beer has published an in-depth analysis of the BLASTPASS zero-click iMessage exploit.
  • The exploit allowed attackers to compromise iPhones and iPads without any user input, by sending malicious images via iMessage.
  • Beer's analysis highlights the need for sandboxing to treat all incoming attacker-controlled data as untrusted, rather than simply trusting file extensions.
  • While the BLASTPASS exploit has been patched by Apple, the analysis suggests similar attacks may continue to be developed in the future.

Read Full Article

like

20 Likes

share

4 Shares

source image

Securityaffairs

11h

read

154

img
dot

Image Credit: Securityaffairs

Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION

  • FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
  • Experts warn of the new sophisticate Crocodilus mobile banking Trojan
  • Russian authorities arrest three suspects behind Mamont Android banking trojan
  • Mozilla fixed critical Firefox vulnerability CVE-2025-2857

Read Full Article

like

9 Likes

share

2 Shares

source image

Hackernoon

1d

read

3

img
dot

Image Credit: Hackernoon

Hallucination by Design: How Embedding Models Misunderstand Language

  • Text embeddings are crucial for converting words and sentences into numerical vectors to capture their meaning, used widely in NLP systems.
  • Despite their prevalent use, there's a lack of comprehensive understanding of how embedding models operate practically, leading to errors and suboptimal user experiences.
  • Issues like missing negations, numerical illiteracy, insensitivity to capitalization, and the handling of spaces and references pose significant challenges in embedding model behavior.
  • Industries such as Retail, Medical Care, and Finance can benefit significantly from addressing and understanding these embedding model flaws.
  • The article highlights various problematic scenarios, including issues with case sensitivity, numerical distinctions, negations, spaces, references, counterfactuals, and ranges.
  • The author outlines a testing framework to evaluate how embedding models handle different text variations and emphasizes the importance of real-world testing before deployment.
  • Recommendations include building safeguards for critical blind spots, combining multiple techniques, and being transparent with users about the system limitations.
  • Understanding that embedding models interpret language through statistical patterns rather than human-like comprehension is crucial for improving system performance.
  • Acknowledging and designing around these inherent blind spots in embedding models can lead to more effective and reliable language processing systems.
  • Further investigation into other cases of model limitations and their implications will be covered in the subsequent post by the author.
  • The article emphasizes the importance of recognizing and addressing the limitations of embedding models to enhance the efficiency and reliability of language processing systems.

Read Full Article

like

Like

share

Share

source image

Gizchina

1d

read

176

img
dot

Image Credit: Gizchina

Hackers Steal Data and Blackmail U.S. Hospitals in Oracle Breach

  • Hackers breached Oracle's servers, stole sensitive patient data, and blackmailed several US medical institutions.
  • The breach highlights security concerns in the healthcare sector and the need for improved security protocols for patient records.
  • Oracle notified affected firms and authorities are investigating the ransom demands.
  • The incident emphasizes the importance of collaboration between healthcare and technology companies to protect patient data and privacy.

Read Full Article

like

10 Likes

share

2 Shares

source image

Guardian

1d

read

320

img
dot

Image Credit: Guardian

Birthday freebies: how to cash in on UK retailers’ gifts and discounts

  • Signing up for loyalty programs and newsletters can help access freebies and discounts from retailers on your birthday.
  • Various retailers offer free treats on birthdays with certain conditions, such as Greggs providing a free treat through their app.
  • Beauty brands like Space NK and Rituals offer free gifts for birthdays upon joining their loyalty programs.
  • Hotel Chocolat and Lindt provide discounts or free chocolates on birthdays through their membership programs.
  • Restaurants like Burger King and Zizzi offer free meals or discounts on birthdays upon joining their rewards programs.
  • Fashion retailers like H&M and Nike provide discounts on birthdays through their membership programs.
  • Signing up for these programs may lead to data collection and potential privacy risks.
  • Experts recommend using caution, creating separate email addresses for sign-ups, and being aware of terms and conditions.
  • Taking steps like strong passwords, reading terms, and controlling app permissions can help protect personal information.
  • Uninstalling unnecessary apps is advised to prevent ongoing data collection without consent.

Read Full Article

like

19 Likes

share

4 Shares

source image

Idownloadblog

2d

read

315

img
dot

Image Credit: Idownloadblog

Technical analysis by Verichains confirms sandbox escape use by certain banking apps to detect TrollStore, jailbreak apps

  • Certain banking apps in the Apple App Store are using 0-day sandbox escape technique to detect unfavorable apps on users' devices.
  • Finance security firm Verichains conducted an analysis and identified at least two banking apps using this technique: BIDV SmartBanking and Agribank.
  • The apps are exploiting a private iOS API to check for the presence of certain apps, including popular package manager apps, jailbreak apps, and TrollStore.
  • Using private APIs without user consent violates Apple's guidelines and risks app removal from the App Store.

Read Full Article

like

18 Likes

share

4 Shares

source image

Securityaffairs

2d

read

216

img
dot

Image Credit: Securityaffairs

Mozilla fixed critical Firefox vulnerability CVE-2025-2857

  • Mozilla has addressed a critical vulnerability, CVE-2025-2857, in its Firefox browser for Windows.
  • The vulnerability, which is similar to the one exploited in Chrome as a zero-day, could allow a sandbox escape.
  • The flaw impacted Firefox and Firefox ESR, and was fixed in versions 136.0.4, 115.21.1, and 128.8.1.
  • Mozilla is not aware of any active attacks exploiting the vulnerability at this time.

Read Full Article

like

13 Likes

share

3 Shares

Prev

1
2
3
4
5
6
7
8
9
10

Next

For uninterrupted reading, download the app