The Hacker News4 小时
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
Crazy Evil, active since 2021, has stolen over $5M via crypto scams, malware like AMOS, and phishing, targeting both Windows ...
The Hacker News1 天
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists
Meta-owned WhatsApp disrupted a zero-click spyware campaign by Paragon Solutions, targeting 90 journalists and activists.
The Hacker News1 天
Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts
Malvertising targets Microsoft advertisers via fake Google ads, stealing credentials with phishing pages mimicking ...
The Hacker News2 天
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
Unpatched vulnerabilities in Contec CMS8000 patient monitors expose devices to remote access, file overwrites, and data leaks ...
The Hacker News1 天
BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key
BeyondTrust breach impacted 17 SaaS customers via compromised API key linked to Silk Typhoon; U.S. Treasury affected.
The Hacker News4 天
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
Critical zero-day vulnerability CVE-2024-40891 in Zyxel CPE devices is under active attack, affecting 1,500+ devices.
The Hacker News2 天
Google Bans 158,000 Malicious Android App Developer Accounts in 2024
Google blocked 2.36M harmful Android apps in 2024, banned 158K developers, and secured 10M devices from 36M risky installs to ...
The Hacker News4 天
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
Lazarus Group’s Phantom Circuit hit 233 victims with trojanized software, using React and Node.js for control.
The Hacker News3 天
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
Broadcom patches five VMware Aria Operations flaws, including CVE-2025-22218 (CVSS 8.5), preventing credential leaks and ...
The Hacker News2 天
U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network
U.S. and Dutch agencies dismantled 39 domains tied to $3M BEC fraud schemes run by Saim Raza since 2020 in Operation Heart ...
The Hacker News3 天
Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter
Severe Lightning AI flaw (CVSS 9.4) enabled remote root execution via hidden URL parameter—patched post-October 2024 ...
The Hacker News3 天
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
APT groups from China, Iran, North Korea, and Russia use AI for cyber operations, phishing, and reconnaissance, raising ...