The Hacker News

Oscorp Android Malware Morphs into UBEL Botnet to Steal User Credentials

Advertised on underground forums for $980, UBEL, like its predecessor, requests for intrusive permissions to steal sensitive information such as login credentials and two-factor authentication codes.

Iranian Hacker Group Tortoiseshell Posed as Aerobics Instructor for Years to Target Aerospace Employees

An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware.

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email

The flaws — tracked as CVE-2021-35208 and CVE-2021-35208 — were discovered and reported in Zimbra 8.8.15 by researchers from security solutions provider SonarSource in May 2021.

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Cybersecurity researchers disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses.

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts.

StrongPity APT Hackers Distributed Android Trojan via Syrian e-Government Portal

An APT actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims.

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

The flaw, which is rated 9.8 out of a maximum of 10 on the CVSS severity scale, affects WebLogic Server versions 11.1.2.4 and 11.2.5.0 and exists within the Oracle Hyperion Infrastructure Technology.

New Windows and Linux Flaws Give Attackers Highest System Privileges

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access.

Several New Critical Flaws Affect CODESYS Industrial Automation Software

Researchers disclosed security vulnerabilities impacting CODESYS automation software and the WAGO PLC platform that could be remotely exploited to take control of a company's cloud OT infrastructure.

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags