HackenPost blogs - Page 78 of 88

Data Breaches

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a…

April 28, 2025

Data Breaches

WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors

Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging…

April 28, 2025

Data Breaches

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks…

April 28, 2025

Data Breaches

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud…

April 27, 2025

Data Breaches

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed…

April 26, 2025

Data Breaches

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute…

April 25, 2025

Data Breaches

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the…

April 25, 2025

Data Breaches

Why NHIs Are Security’s Most Dangerous Blind Spot

When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt.…

April 25, 2025

Data Breaches

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited,…

April 25, 2025

Data Breaches

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Cybersecurity researchers are warning about a new malware called DslogdRAT that’s installed following the exploitation of a now-patched…

April 25, 2025

Hand-Picked Top-Read Stories

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

Trending Tags

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Why NHIs Are Security’s Most Dangerous Blind Spot

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability