Skip to content
hacker news Page 131

hacker news

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

Mar 17, 2025Ravie LakshmananVulnerability / Web Security A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours… 

Read More »Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

Mar 17, 2025Ravie LakshmananBotnet / Vulnerability An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability… 

Read More »Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions

Mar 17, 2025Ravie LakshmananWeb Security / Cyber Threat Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users’… 

Read More »Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions
Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

Mar 17, 2025Ravie LakshmananCybersecurity / Hacking News From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting… 

Read More »Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

Mar 17, 2025Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous… 

Read More »GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Mar 15, 2025Ravie Lakshmanan Malware / Supply Chain Security Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but… 

Read More »Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges

Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges

Mar 14, 2025Ravie LakshmananCybercrime / Ransomware A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months… 

Read More »Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging

Mar 14, 2025Ravie LakshmananMobile Security / Encryption The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to… 

Read More »GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging