A naukri.com initiative
Hacking News
Cryptopotato
4w
159
Image Credit: Cryptopotato
XRP Ledger SDK Compromised by Backdoor Exploit
- The XRP Ledger Foundation has warned about a security vulnerability in the official JavaScript SDK, which interacts with the XRPL.
- A security researcher identified a serious vulnerability in the xrpl npm package.
- Hackers were able to collect private keys and steal assets from compromised wallets.
- The XRP Ledger Foundation has released a clean version of the NPM package to ensure the SDK's safety.
Read Full Article
9 Likes
Securityaffairs
4w
79
Image Credit: Securityaffairs
Crypto mining campaign targets Docker environments with new evasion technique
- A new malware campaign has been discovered that targets Docker environments to secretly mine cryptocurrency.
- The campaign deploys a malicious node connected to Teneo, a decentralized infrastructure network, to covertly monetize social media bandwidth.
- The malware uses an obfuscated script in the Docker image, which requires multiple iterations to reveal the actual malicious code.
- The attacker's DockerHub profile suggests a pattern of abuse, utilizing alternative methods of generating crypto with a Nexus network client.
Read Full Article
4 Likes
TronWeekly
4w
0
Image Credit: TronWeekly
XRPL Hack Scare: What Developers Need to Know
- The XRPL JavaScript library (v4.2.1-4.2.4, v2.14.2) had a vulnerability potentially stealing private keys. Update to v4.2.5 immediately.
- The XRP Ledger Foundation has recently discovered a security vulnerability in the JavaScript library (v4.2.1–4.2.4 and v2.14.2) used to interact with the ledger that could steal crypto private keys.
- The foundation has urged affected projects to update to the latest version and address this potentially catastrophic supply chain risk.
- Despite the vulnerability, the XRP Ledger has processed over 2.8 billion secure transactions and has seen growing institutional adoption.
Read Full Article
Like
Medium
4w
439
Image Credit: Medium
Tor’s Bold Move: Why Removing User-Agent Randomization Unlocks a New Era of Browser Anonymity
- Tor Browser has removed user-agent randomization and adopted a single, immutable fingerprint to enhance browser anonymity.
- The previous practice of user-agent randomization introduced inconsistencies and vulnerabilities in Tor's anonymity protection.
- Tor's new approach focuses on uniformity and relies on a single user-agent string for all users, making it difficult to identify individual users.
- The decision has received mixed reactions from privacy purists, power users, and developers, but Tor is aiming to evolve its privacy measures beyond user-agent based techniques.
Read Full Article
26 Likes
Kitploit
4w
75
Image Credit: Kitploit
Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- A custom Python-based proof-of-concept (PoC) exploit has been developed to target Text4Shell (CVE-2022-42889).
- The exploit targets a critical remote code execution vulnerability in Apache Commons Text versions < 1.10.
- The vulnerability allows injection of ${script:...} expressions to execute arbitrary system commands.
- This exploit is provided for educational and authorized penetration testing purposes only.
Read Full Article
4 Likes
Securityaffairs
4w
306
Image Credit: Securityaffairs
The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack
- The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys.
- Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js to harvest users’ private keys.
- The researchers investigated the supply chain attack and discovered that five xrpl package versions contained malicious code.
- Users of the xrpl.js library are urged to update to versions 4.2.5 or 2.14.3 to mitigate risks from the recent supply chain attack.
Read Full Article
18 Likes
Securityaffairs
4w
337
Image Credit: Securityaffairs
British retailer giant Marks & Spencer (M&S) is managing a cyber incident
- Marks & Spencer (M&S) is managing a cyber incident after multiple customer complaints surfaced.
- M&S has engaged external cyber security experts to assist with investigating and managing the incident.
- Customers reported outages affecting card payments, gift cards, and M&S's Click and Collect service.
- The incident has been reported to relevant data protection authorities and the National Cyber Security Centre.
Read Full Article
20 Likes
Securityaffairs
4w
44
Image Credit: Securityaffairs
Chinese Cybercriminals Released Z-NFC Tool for Payment Fraud
- Chinese cybercriminals have released a tool called Z-NFC for conducting payment fraud using NFC technology.
- Multiple Chinese cybercriminal groups have been targeting Google and Apple Wallet customers, abusing contactless payments and NFC technology.
- The Z-NFC tool is being sold on Telegram and facilitates fraudulent transactions using Android-based phones and mobile wallets.
- Cybercriminals exploit the lack of Cardholder Verification Method (CVM) for low-value contactless payments, enabling multiple small transactions with compromised cards.
Read Full Article
2 Likes
Hackersking
4w
75
Image Credit: Hackersking
Free All In One AI Images and Videos Generator - Pollo AI
- Pollo AI is a Free All-in-One AI Videos Generator that combines video and image generation.
- The Video AI suite allows users to create high-quality videos from images, text, or existing footage.
- The Image AI capabilities enable the generation of high-resolution images with different styles and moods.
- Pollo AI is being used by digital artists, social media influencers, marketers, and brands to enhance their creative output.
Read Full Article
4 Likes
Hackersking
4w
137
Image Credit: Hackersking
Make Your Social Photos Work for Your Business- With AI
- In today’s digital world, the visual impact of social media content is crucial for brand perception and standing out.
- AI has revolutionized social media photo creation, eliminating the need for professional photo shoots.
- AI tools allow businesses to generate, customize, and optimize visuals quickly for engagement.
- Artificial intelligence has become a creative partner, creating new visuals based on prompts and brand preferences.
- AI's adaptability enables businesses to produce unique visuals tailored to different niches and campaigns.
- AI-generated images can strategically align with brand goals, colors, and messaging for effective branding.
- With AI tools, businesses can create immersive visuals that resonate with audiences and enhance storytelling.
- Originality is key for engagement, and AI-generated images offer unique content that boosts brand recall.
- Choosing the right AI tool streamlines the image creation process, ensuring stunning and original visuals.
- Using AI for image generation gives businesses a competitive edge, allowing quick adaptation and high-quality visuals.
Read Full Article
8 Likes
Medium
4w
88
Image Credit: Medium
Heap Encryption
- Heap Encryption involves storing payload in the process heap in an encrypted form.
- This technique adds an extra layer of obfuscation and helps evade static analysis tools.
- The code demonstrates the implementation of Heap Encryption using HeapAlloc in Windows OS.
- By using XOR encryption, the shellcode in memory is obfuscated and then decrypted for execution.
Read Full Article
5 Likes
Securityaffairs
4w
439
Image Credit: Securityaffairs
Millions of SK Telecom customers are potentially at risk following USIM data compromise
- SK Telecom, South Korea's largest wireless telecom company, reported that threat actors accessed customer Universal Subscriber Identity Module (USIM) info through a malware attack.
- The company detected the infection on April 19, 2025, and promptly reported it to the Korea Internet & Security Agency (KISA), sanitized the impacted systems, and isolated the suspected hacking device.
- No cases of misuse of the information have been confirmed to date, but SK Telecom has enhanced defensive measures, blocked illegal SIM card changes, and abnormal authentication attempts.
- The company is offering impacted customers a free subscription to the 'SIM protection service' as an additional security measure.
Read Full Article
26 Likes
Securelist
4w
310
Image Credit: Securelist
Russian organizations targeted by backdoor masquerading as secure networking software updates
- Russian organizations targeted by backdoor masquerading as secure networking software updates.
- Sophisticated backdoor discovered targeting large organizations in Russia.
- Backdoor distributed inside LZH archives posing as ViPNet software updates.
- Backdoor enables attacker to steal files and launch additional malicious components.
Read Full Article
18 Likes
Kitploit
4w
201
Image Credit: Kitploit
Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- A Python script to check Next.js sites for corrupt middleware vulnerability (CVE-2025-29927).
- The corrupt middleware vulnerability allows an attacker to bypass authentication and access protected routes.
- Next JS versions affected: - 11.1.4 and up.
- Use the provided Python script with caution and only on websites you own or have explicit permission to test.
Read Full Article
12 Likes
Securityaffairs
4w
8
Image Credit: Securityaffairs
Abilene city, Texas, takes systems offline following a cyberattack
- Abilene, Texas, shut down systems after a cyberattack caused server issues. IT staff and experts are investigating the security incident.
- The incident occurred on April 18, 2025, emergency services remained operational, and no financial irregularities were found.
- Card systems at government offices are down, so only cash, checks, or online card payments are accepted.
- In May 2023, the IT systems at the City of Dallas, Texas, were targeted by a ransomware attack.
Read Full Article
Like
For uninterrupted reading, download the app