News

The Hacker News18h
DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
Earlier this month, Google-owned Mandiant also revealed that another security flaw in ICS (CVE-2025-22457) has been ...
The Hacker News16h
Why NHIs Are Security's Most Dangerous Blind Spot
Non-Human Identities, for the most part, authenticate using secrets: API keys, tokens, certificates, and other credentials ...
The Hacker News15h
New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework
"SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated ...
The Hacker News16h
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully ...
The Hacker News16h
Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
xrpl.js is a popular JavaScript API for interacting with the XRP Ledger blockchain, also called the Ripple Protocol, a ...
The Hacker News13h
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
"In 2023, UNC3782 conducted phishing operations against TRON users and transferred more than $137 million USD worth of assets in a single day," the company noted. "UNC3782 launched a campaign in 2024 ...