A Chrome zero-day bug, CVE-2025-4664, exposes login tokens on Windows and Linux. Google has issued a fix, users should update immediately.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Russian national Rustam Gallyamov was indicted in the US for his leading role in the development and distribution of Qakbot malware.
The post Russian Qakbot Gang Leader Indicted in US appeared first on SecurityWeek.
SecurityWeek – Read More
CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments.
The post Companies Warned of Commvault Vulnerability Exploitation appeared first on SecurityWeek.
SecurityWeek – Read More
From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater.
SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base.
This walkthrough covers what SafeLine is, how it works, and why it’s
The Hacker News – Read More
The elusive hacking group Careto was never publicly linked to a specific government, but TechCrunch has learned researchers concluded privately that the Spanish government was behind the group.
Security News | TechCrunch – Read More
A Chinese threat actor exploited a zero-day vulnerability in Trimble Cityworks to hack local government entities in the US.
The post Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
The DanaBot botnet ensnared over 300,000 devices and caused more than $50 million in damages before being disrupted.
The post DanaBot Botnet Disrupted, 16 Suspects Charged appeared first on SecurityWeek.
SecurityWeek – Read More
A Chinese espionage group has been chaining two recent Ivanti EPMM vulnerabilities in attacks against organizations in multiple critical sectors.
The post Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors appeared first on SecurityWeek.
SecurityWeek – Read More
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization.
The malware, the DoJ said, infected more than 300,000
The Hacker News – Read More
Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab’s artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites.
GitLab Duo is an artificial intelligence (AI)-powered coding assistant that enables users to write,
The Hacker News – Read More