The Hacker News

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch

KrustyLoader, first detailed by Synacktiv in January 2024, is a Rust-based loader previously put to use by a China-nexus ...
The Hacker News

Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys

Malicious NuGet package mimicking Nethereum stole crypto wallet keys using homoglyph tricks and fake downloads.
The Hacker News

Bridging the Remediation Gap: Introducing Pentera Resolve

The Continuous Threat Exposure Management (CTEM) framework was introduced to help organizations address this challenge, ...
The Hacker News

Why You Should Swap Passwords for Passphrases

Passphrases aren't a silver bullet. MFA still matters. Compromised credential monitoring still matters. But if you're ...
The Hacker News

Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware

Neursite utilizes an embedded configuration to connect to the C2 server and uses TCP, SSL, HTTP and HTTPS protocols for ...
The Hacker News

TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution

High-severity TARmageddon flaw (CVE-2025-62518) in Rust’s async-tar libraries enables RCE via header parsing bug.
The Hacker News

TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution

TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution.