News

The Hacker News1d
Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards
Edouard Bochin and Tao Yan from Palo Alto Networks have been credited with finding and reporting CVE-2025-4918. The discovery ...
Security Boulevard1h
Scripting Outside the Box: API Client Security Risks (2/2)
Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript ...
Mozilla Just Patched Two Firefox Zero-Days Discovered at a Hacking Contest
If you're a Firefox user, you need to update your browser. Mozilla has released a security patch for two zero-day ...
The Hacker News4d
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, ...
DataBreachToday5d
Breach Roundup: SAP NetWeaver Flaw Draws Hackers
SAP NetWeaver flaw drew hackers, zero days in Ivanti EPMM, DOGE employee’s credentials found in infostealer dumps and Nucor ...
CSO Online13d
Hackers booby trap NPM with cross-language imposter packages
Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node ...
CSO Online14d
Fake resumes targeting HR managers now come with updated backdoor
The group uses legitimate messaging services and job platforms to apply for real jobs using fake malicious resumés that drop ...
Security Boulevard8h
What a Binance CAPTCHA solver tells us about today’s bot threats
In this post, we analyze an open-source CAPTCHA solver designed to bypass a custom challenge deployed on Binance, one of the ...
WordPress Scraper Plugin Compromised By Security Vulnerability
A critical vulnerability in a WordPress scraper autoblogging plugin allows unauthorized users to upload malicious files to ...
SecurityWeek11d
Russia-Linked APT Star Blizzard Uses ClickFix to Deploy New LostKeys Malware, Google Warns
Russia-linked APT Star Blizzard is using the ClickFix technique in recent attacks distributing the LostKeys malware.