Skip to content
the hacker news Page 145

the hacker news

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Feb 18, 2025Ravie LakshmananVulnerability / Enterprise Security Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol… 

Read More »New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

Feb 18, 2025Ravie LakshmananMalware / Website Hacking Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in… 

Read More »Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics

Feb 17, 2025Ravie LakshmananEndpoint Security / Malware Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. “Its first known variant… 

Read More »Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

Feb 17, 2025Ravie LakshmananArtificial Intelligence / Data Protection South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to… 

Read More »South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

Feb 17, 2025Ravie LakshmananThreat Intelligence / Cyber Attack Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions… 

Read More »New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls

Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls

Feb 15, 2025Ravie LakshmananMobile Security / Technology Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call… 

Read More »Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

Feb 14, 2025Ravie LakshmananVulnerability / DevOps Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain… 

Read More »New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

Feb 14, 2025Ravie LakshmananBrowser Security / Cryptocurrency The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against… 

Read More »Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks