News

The Hacker News1d
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
Fortinet warns attackers used symlink exploits to retain access post-patch, prompting urgent FortiOS updates and SSL-VPN ...
The Hacker News3d
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Incomplete fix for CVE-2024-0132 in NVIDIA Toolkit leaves Linux Docker hosts vulnerable to container escapes and DoS attacks.
The Hacker News2d
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
SpyNote malware disguised as Chrome installs hidden APKs via fake Play Store pages, stealing sensitive Android data.
The Hacker News1d
AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that's ...
The Hacker News5d
âš¡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Surge and More
This week, we trace how simple oversights turn into major breaches — and the silent threats most companies still ...
The Hacker News2d
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
A critical OttoKit plugin flaw CVE-2025-3102 exploited within hours lets attackers create admin accounts unchecked.
The Hacker News2d
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
Lovable AI scored 1.8 on VibeScamming tests, enabling full scam creation with minimal guardrails, risking mass phishing abuse ...
The Hacker News3d
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
Gamaredon breached a Western military mission on Feb 26, 2025, using upgraded GammaSteel malware and new obfuscation tactics.
The Hacker News5d
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an ...
The Hacker News4d
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
CVE-2025-29824 exploited via PipeMagic malware escalated SYSTEM privileges, leading to targeted ransomware attacks.
The Hacker News5d
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
CERT-UA identifies GIFTEDCROOK malware stealing browser data via phishing Excel files in attacks targeting Ukrainian ...
The Hacker News5d
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure ...