software vulnerability

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Dec 03, 2025Ravie LakshmananMachine Learning / Vulnerability Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively…

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Dec 03, 2025Ravie LakshmananMalware / Web3 Security Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by…

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

Dec 02, 2025Ravie LakshmananRegulatory Compliance / Online Safety India’s Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked…

Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

Dec 02, 2025The Hacker NewsIdentity Theft / Threat Intelligence A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and…

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

Dec 02, 2025Ravie LakshmananMalware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools…

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Dec 02, 2025Ravie LakshmananAI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The package in question is eslint-plugin-unicorn-ts-2, which masquerades…

Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented…

SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts,…

Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild

Dec 02, 2025Ravie LakshmananMobile Security / Vulnerability Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild. The patch addresses a…

India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud

Dec 01, 2025Ravie LakshmananSurveillance / National Security India’s telecommunications ministry has reportedly asked major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days. According to…

« Previous
1
2
3
4
5
…
332
Next »