Forwarded from The Hacker News
🚨 One click from insider to admin?
A critical flaw in NetApp SnapCenter (CVE-2025-26512, CVSS 9.9) lets authenticated users escalate privileges to full admin—on remote systems.
SnapCenter powers enterprise backups—this isn’t niche, it’s everywhere.
🔗Read: https://thehackernews.com/2025/03/netapp-snapcenter-flaw-could-let-users.html
A critical flaw in NetApp SnapCenter (CVE-2025-26512, CVSS 9.9) lets authenticated users escalate privileges to full admin—on remote systems.
SnapCenter powers enterprise backups—this isn’t niche, it’s everywhere.
🔗Read: https://thehackernews.com/2025/03/netapp-snapcenter-flaw-could-let-users.html
Forwarded from The Hacker News
👀 6-year-old bugs are back—and being weaponized.
CISA just flagged two 2019 Sitecore RCE flaws (CVE-2019-9874 & 9875) as actively exploited.
But it doesn’t stop there:
➡️ Next.js auth bypass (CVE-2025-29927) is under live attack
➡️ DrayTek routers face fresh waves targeting old RCE/LFI bugs.
🔗 Details: https://thehackernews.com/2025/03/cisa-flags-two-six-year-old-sitecore.html
Old CVEs. New exploits. Patch now.
CISA just flagged two 2019 Sitecore RCE flaws (CVE-2019-9874 & 9875) as actively exploited.
But it doesn’t stop there:
➡️ Next.js auth bypass (CVE-2025-29927) is under live attack
➡️ DrayTek routers face fresh waves targeting old RCE/LFI bugs.
🔗 Details: https://thehackernews.com/2025/03/cisa-flags-two-six-year-old-sitecore.html
Old CVEs. New exploits. Patch now.
Forwarded from The Hacker News
🚨 150,000+ websites hijacked. Millions redirected.
Hackers are injecting malicious JavaScript into legit sites to push Chinese-language gambling ads—using fake Bet365 branding, fullscreen overlays, and iframe tricks.
🔗 Full story: https://thehackernews.com/2025/03/150000-sites-compromised-by-javascript.html
Hackers are injecting malicious JavaScript into legit sites to push Chinese-language gambling ads—using fake Bet365 branding, fullscreen overlays, and iframe tricks.
🔗 Full story: https://thehackernews.com/2025/03/150000-sites-compromised-by-javascript.html
Forwarded from The Hacker News
🔥 Still opening Office docs without checking? In 2025, that’s a major risk.
Hackers still use Word and Excel to deliver malware—no macros, no clicks.
Top threats: Phishing docs, fake logins, QR traps.
🛡️ Scan before you open. Learn more: https://thehackernews.com/2025/03/top-3-ms-office-exploits-hackers-use-in.html
Hackers still use Word and Excel to deliver malware—no macros, no clicks.
Top threats: Phishing docs, fake logins, QR traps.
🛡️ Scan before you open. Learn more: https://thehackernews.com/2025/03/top-3-ms-office-exploits-hackers-use-in.html
Forwarded from The Hacker News
🚨 Fake India Post site used to hack Windows & Android users!
APT36 (aka Transparent Tribe), linked to Pakistan, is behind a phishing site—postindia[.]site—targeting Indian citizens 🇮🇳
👉 Details that matter → https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html
💡 Stay sharp, don’t click blind.
APT36 (aka Transparent Tribe), linked to Pakistan, is behind a phishing site—postindia[.]site—targeting Indian citizens 🇮🇳
👉 Details that matter → https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html
💡 Stay sharp, don’t click blind.
Forwarded from The Hacker News
🛑 Shadow SaaS is your biggest blind spot—and CASB can’t save you.
New report reveals why traditional CASB tools fail to detect or stop unsanctioned apps, identity leaks, and data exfiltration.
🔍 80% of SaaS use is shadow IT
⚠️ API scanners can’t block live attacks
🧠 The fix? Security at the browser level
📄 Read the report: https://thehackernews.com/2025/03/new-report-explains-why-casb-solutions.html
New report reveals why traditional CASB tools fail to detect or stop unsanctioned apps, identity leaks, and data exfiltration.
🔍 80% of SaaS use is shadow IT
⚠️ API scanners can’t block live attacks
🧠 The fix? Security at the browser level
📄 Read the report: https://thehackernews.com/2025/03/new-report-explains-why-casb-solutions.html
Forwarded from The Hacker News
🔥 Ransomware cartels are sharing weapons.
A custom EDR killer tool—EDRKillShifter—built by RansomHub is now turning up in attacks by Medusa, BianLian, and Play, per ESET.
Used to silently shut down security defenses via a BYOVD attack—before encrypting your systems.
Even “closed” RaaS gangs like BianLian are repurposing tools from rivals.
🔗 Read full report: https://thehackernews.com/2025/03/hackers-repurpose-ransomhubs.html
A custom EDR killer tool—EDRKillShifter—built by RansomHub is now turning up in attacks by Medusa, BianLian, and Play, per ESET.
Used to silently shut down security defenses via a BYOVD attack—before encrypting your systems.
Even “closed” RaaS gangs like BianLian are repurposing tools from rivals.
🔗 Read full report: https://thehackernews.com/2025/03/hackers-repurpose-ransomhubs.html
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
Oblivion - Unofficial Warp Client for Android
Provides secure, optimized internet access through a user-friendly Android app using cloudflare warp technology, leveraging bepass-sdk and a custom Go implementation of WireGuard, designed for fast and private online experiences.
🔗 Links:
- Download
- Screenshots
- Features
- Source code
Developer: bepass-org
❤️ Special thanks to @rizkym2999 for recommending!
🏷️ Tags: #Android #Tools #Connectivity
Provides secure, optimized internet access through a user-friendly Android app using cloudflare warp technology, leveraging bepass-sdk and a custom Go implementation of WireGuard, designed for fast and private online experiences.
🔗 Links:
- Download
- Screenshots
- Features
- Source code
Developer: bepass-org
❤️ Special thanks to @rizkym2999 for recommending!
🏷️ Tags: #Android #Tools #Connectivity
Forwarded from The Hacker News
🚨 Phishing just got personal.
A PhaaS kit called Morphing Meerkat fakes login pages for 114+ brands—using your DNS MX records to mimic your email provider (Gmail, Outlook, Yahoo).
It’s global, stealthy, and drops stolen creds via Telegram.
👀 Uses WordPress hacks, ad redirects (even DoubleClick), and blocks right-clicks + hotkeys.
🔗 Read: https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html
A PhaaS kit called Morphing Meerkat fakes login pages for 114+ brands—using your DNS MX records to mimic your email provider (Gmail, Outlook, Yahoo).
It’s global, stealthy, and drops stolen creds via Telegram.
👀 Uses WordPress hacks, ad redirects (even DoubleClick), and blocks right-clicks + hotkeys.
🔗 Read: https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html
Forwarded from Android Security & Malware
A Blueprint of Android Activity Lifecycle
https://8ksec.io/a-blueprint-of-android-activity-lifecycle/
https://8ksec.io/a-blueprint-of-android-activity-lifecycle/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
A Blueprint of Android Activity Lifecycle - 8kSec
Introduction The Android Activity lifecycle is a sequence of state changes and callbacks that every Android Activity goes through from creation to destruction.Understanding the Android Activity lifecycle is important not only for developers aiming to build…
Forwarded from Gizchina.com
Xiaomi to Introduce a New Call Screen Layout with HyperOS Global Update
https://www.gizchina.com/2025/03/27/xiaomi-to-introduce-a-new-call-screen-layout-with-hyperos-global-update/
https://www.gizchina.com/2025/03/27/xiaomi-to-introduce-a-new-call-screen-layout-with-hyperos-global-update/
Forwarded from Gizchina.com
Nintendo releases “Nintendo Today” official information app
https://www.gizchina.com/2025/03/27/nintendo-releases-nintendo-today-official-information-app/
https://www.gizchina.com/2025/03/27/nintendo-releases-nintendo-today-official-information-app/
Forwarded from Gizchina.com
Dimensity 9500 Specs Leak: MediaTek’s Gamble on Power?
https://www.gizchina.com/2025/03/27/dimensity-9500-specs-leak-mediateks-gamble-on-power/
https://www.gizchina.com/2025/03/27/dimensity-9500-specs-leak-mediateks-gamble-on-power/
Forwarded from #TBOT: Take Back Our Tech
Media is too big
VIEW IN TELEGRAM
⚡️Above DataSIM is Now Available
@takebackourtech
We’ve been working on the Above DataSIM for a year, with over 6 months of testing. This is a cell service that is data only, using a virtual SIM instead of a physical SIM. Data is serviced through multiple providers, with no telephone or SMS features. You can use with a VPN to encrypt all of your internet traffic, and it is SIM swap resistant, it can’t be used in 2 factor authentication.
This setup is streamlined, you can be up and running in less than 5 minutes! Available now in the US, Canda, Australia, New Zealand, Mexico, UK & Europe.
Sign up FREE to watch more webinar clips here.
—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech
@takebackourtech
We’ve been working on the Above DataSIM for a year, with over 6 months of testing. This is a cell service that is data only, using a virtual SIM instead of a physical SIM. Data is serviced through multiple providers, with no telephone or SMS features. You can use with a VPN to encrypt all of your internet traffic, and it is SIM swap resistant, it can’t be used in 2 factor authentication.
This setup is streamlined, you can be up and running in less than 5 minutes! Available now in the US, Canda, Australia, New Zealand, Mexico, UK & Europe.
Sign up FREE to watch more webinar clips here.
—
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER | XMPP
Follow 🫶 @takebackourtech
Forwarded from Hacker News
/
Kaspersky exposes hidden malware on GitHub stealing personal data and $485,000 in Bitcoin
Kaspersky Global Research & Analysis Team (GReAT) discovered hundreds of open source repositories with multistaged malware targeting gamers and cryptoinvestors within a new campaign that was dubbed by Kaspersky as GitVenom. The infected projects include an…
Forwarded from Hacker News
LibreNews
This Linux laptop maker called me a Zombie
Two years ago I was contacted by a company called MALIBAL.
They were interested in a sponsorship, where I would simply put their link in the video description and get money for it.
I did a quick background check, and they seemed like a proper Linux hardware…
They were interested in a sponsorship, where I would simply put their link in the video description and get money for it.
I did a quick background check, and they seemed like a proper Linux hardware…