software vulnerability

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Jan 07, 2026Ravie LakshmananEmail Security / Financial Fraud Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations’ domains and distribute emails that appear as if they have…

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

Jan 07, 2026Ravie LakshmananNetwork Security / Vulnerability A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3),…

Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users

Cybersecurity researchers have discovered two new malicious extensions on the Chrome Web Store that are designed to exfiltrate OpenAI ChatGPT and DeepSeek conversations alongside browsing data to servers under the attackers’ control. The names of…

Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover

Jan 06, 2026Ravie LakshmananIoT Security / Vulnerability The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain…

Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat

Jan 06, 2026Ravie LakshmananMalware / Endpoint Security Source: Securonix Cybersecurity researchers have disclosed details of a new campaign dubbed PHALT#BLYX that has leveraged ClickFix-style lures to display fixes for fake blue screen of death (BSoD)…

What is Identity Dark Matter?

Jan 06, 2026The Hacker NewsSaaS Security / Enterprise Security The Invisible Half of the Identity Universe Identity used to live in one place – an LDAP directory, an HR system, a single IAM portal. Not…

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

Jan 06, 2026Ravie LakshmananThreat Intelligence / Cloud Security Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are…

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

Jan 06, 2026Ravie LakshmananVulnerability / DevOps A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying…

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

Jan 06, 2026Ravie LakshmananVulnerability / Web Security Users of the “@adonisjs/bodyparser” npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could…

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

Jan 05, 2026Ravie LakshmananCyber Espionage / Windows Security The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives.…

« Previous
1
…
5
6
7
8
9
…
351
Next »