Forwarded from The Hacker News
🚨 Hackers could have owned your AWS servers—easily.
A flaw in Amazon’s SSM Agent let attackers write scripts with root access by gaming plugin IDs (../).
If you haven’t updated—you're still at risk.
👀 Read more: https://thehackernews.com/2025/04/amazon-ec2-ssm-agent-flaw-patched-after.html
A flaw in Amazon’s SSM Agent let attackers write scripts with root access by gaming plugin IDs (../).
If you haven’t updated—you're still at risk.
👀 Read more: https://thehackernews.com/2025/04/amazon-ec2-ssm-agent-flaw-patched-after.html
Forwarded from The Hacker News
🚨 Critical alert for Fortinet users! A 9.3 CVSS flaw (CVE-2024-48887) in FortiSwitch lets hackers remotely change admin passwords — no login needed.
🔧 Fix it: Upgrade ASAP (7.6.1+, 7.4.5+, 7.2.9+, 7.0.11+, 6.4.15+)
⚡ No exploits yet—but Fortinet bugs have been weaponized before.
👉 Full details: https://thehackernews.com/2025/04/fortinet-urges-fortiswitch-upgrades-to.html
🔧 Fix it: Upgrade ASAP (7.6.1+, 7.4.5+, 7.2.9+, 7.0.11+, 6.4.15+)
⚡ No exploits yet—but Fortinet bugs have been weaponized before.
👉 Full details: https://thehackernews.com/2025/04/fortinet-urges-fortiswitch-upgrades-to.html
Forwarded from Hacker News
Ask HN: Do you still use search engines?
Article, Comments
Article, Comments
Forwarded from Hacker News
GitHub
GitHub - coroot/coroot: Coroot is an open-source observability and APM tool with AI-powered Root Cause Analysis. It combines metrics…
Coroot is an open-source observability and APM tool with AI-powered Root Cause Analysis. It combines metrics, logs, traces, continuous profiling, and SLO-based alerting with predefined dashboards a...
Forwarded from Hacker News
Forwarded from 𝗽𝗼𝗽𝗠𝗢𝗗𝗦 | 𝗙𝗢𝗦𝗦, 𝗟𝗶𝗳𝗲, 𝗠𝗲𝗺𝗲𝘀 (Ömer)
Online Tools
Online tools offer many functions for hashing, encoding, decoding, encryption, decryption, formatting, generating and so on. Examples include MD5, SHA-256, SHA-512, SHA-3, Keccak, Base64, Base32, JSON, XML, and QR code related tools.
🔗 Links:
- Website
- Source code
Developer: emn178
❗ Friendly reminder:
Online tools offer many functions for hashing, encoding, decoding, encryption, decryption, formatting, generating and so on. Examples include MD5, SHA-256, SHA-512, SHA-3, Keccak, Base64, Base32, JSON, XML, and QR code related tools.
🔗 Links:
- Website
- Source code
Developer: emn178
❗ Friendly reminder:
If you find it useful, You may star the repo, donate to the developer, or perhaps you may also contribute to the development of this project.🏷️ Tags: #Website #Utilities
Forwarded from It's FOSS
Firefox's new experimental AI feature looks like it could work. 🤖
https://news.itsfoss.com/firefox-ai-link-previews/
https://news.itsfoss.com/firefox-ai-link-previews/
It's FOSS News
I Tried This Upcoming AI Feature in Firefox
Firefox will be bringing an experimental AI-generated link previews, offering quick on-device summaries. Here's my quick experience with it.
Forwarded from ATT • Tech News (Agam)
WhatsApp Will Soon Block Media Saving and Chat Exports for Better Privacy
The latest WhatsApp beta version
It is not sure if this feature blocks screenshots or manually saving the file.
It will also let everyone know that you have turned on advanced chat privacy, whether it’s a one-on-one thread or a group chat.
🔗 Beebom
🧑💻 @agamtechtricks
The latest WhatsApp beta version
2.25.11.2 for Android has a new Advanced chat privacy feature, which blocks anyone trying to export a chat, showing a pop-up instead. With this enabled, media shared won't be saved on the recipient’s device automatically, handy for sensitive photos or videos.It is not sure if this feature blocks screenshots or manually saving the file.
It will also let everyone know that you have turned on advanced chat privacy, whether it’s a one-on-one thread or a group chat.
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from The Hacker News
🚨 Critical alert: 30 new security flaws found in Adobe ColdFusion—11 rated Critical.
⚡ Top threats: arbitrary code execution, file system read, security bypass.
CVE-2025-24446 | CVSS 9.1
CVE-2025-24447 | CVSS 9.1
CVE-2025-30281 | CVSS 9.1
(and more)
No active exploits yet—but don’t wait.
🔗 Update now or risk being the next headline: https://thehackernews.com/2025/04/adobe-patches-11-critical-coldfusion.html
⚡ Top threats: arbitrary code execution, file system read, security bypass.
CVE-2025-24446 | CVSS 9.1
CVE-2025-24447 | CVSS 9.1
CVE-2025-30281 | CVSS 9.1
(and more)
No active exploits yet—but don’t wait.
🔗 Update now or risk being the next headline: https://thehackernews.com/2025/04/adobe-patches-11-critical-coldfusion.html
Forwarded from The Hacker News
🔥 Security teams are drowning in complexity—and AI copilots aren't a future fix. They're already critical in 2025.
From instant policy answers to auto-summarizing risk reports, AI is reshaping how top teams stay ahead.
🧠 But AI isn’t magic. Humans still rule judgment.
How the smartest teams are striking the balance 👉 https://thehackernews.com/expert-insights/2025/04/supercharging-security-compliance-with.html
From instant policy answers to auto-summarizing risk reports, AI is reshaping how top teams stay ahead.
🧠 But AI isn’t magic. Humans still rule judgment.
How the smartest teams are striking the balance 👉 https://thehackernews.com/expert-insights/2025/04/supercharging-security-compliance-with.html
Forwarded from The Hacker News
Microsoft’s April update patches 126 flaws—but CVE-2025-29824, already exploited in ransomware attacks, has no fix for Windows 10.
🔗 More details: https://thehackernews.com/2025/04/microsoft-patches-126-flaws-including.html
CISA demands federal agencies patch by April 29.
🔗 More details: https://thehackernews.com/2025/04/microsoft-patches-126-flaws-including.html
CISA demands federal agencies patch by April 29.
Forwarded from The Hacker News
🚨 New Windows zero-day (CVE-2025-29824) exploited in ransomware attacks!
⚡ Attackers used PipeMagic malware, hidden in MSBuild files, and hijacked legit sites to spread payloads. Linked to RansomEXX gang.
Full report 👉 https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html
🔒 Patch ASAP if you haven't!
⚡ Attackers used PipeMagic malware, hidden in MSBuild files, and hijacked legit sites to spread payloads. Linked to RansomEXX gang.
Full report 👉 https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html
🔒 Patch ASAP if you haven't!
Forwarded from The Hacker News
🚨 New CISA Alert!
Gladinet CentreStack flaw (CVE-2025-30406, CVSS 9.0) is actively exploited.
▶️ Hard-coded machineKey enables remote code execution.
▶️ Exploited as a zero-day in March 2025.
🔗 Details: https://thehackernews.com/2025/04/cisa-warns-of-centrestacks-hard-coded.html
Patch or rotate keys now.
Gladinet CentreStack flaw (CVE-2025-30406, CVSS 9.0) is actively exploited.
▶️ Hard-coded machineKey enables remote code execution.
▶️ Exploited as a zero-day in March 2025.
🔗 Details: https://thehackernews.com/2025/04/cisa-warns-of-centrestacks-hard-coded.html
Patch or rotate keys now.