Skip to content
the hacker news Page 155

the hacker news

New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits

New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits

A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like… 

Read More »New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

Jan 29, 2025Ravie LakshmananVulnerability / Threat Intelligence A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution… 

Read More »Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

Jan 29, 2025Ravie LakshmananCyber Espionage / Threat Intelligence The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal… 

Read More »UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Jan 29, 2025Ravie LakshmananVulnerability / Software Security Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked… 

Read More »Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Jan 29, 2025Ravie LakshmananVulnerability / Network Security Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. “Attackers can leverage this vulnerability to… 

Read More »Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

Jan 28, 2025Ravie LakshmananPhishing Attack / Network Security A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in… 

Read More »PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking

OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking

Jan 28, 2025Ravie Lakshmanan Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. “By exploiting this flaw, attackers can gain unauthorized access… 

Read More »OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking