Forwarded from The Hacker News
⚠️ Your Device Might Be Part of the Largest CTV Botnet Ever!
Cybercriminals are exploiting cheap Android devices to build a massive botnet for:
🔹 Ad fraud & fake clicks
🔹 Residential proxy abuse
🔹 DDoS attacks & account takeovers
🔹 Hidden malware pre-installed in devices
Learn more: https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html
💀 1M+ devices infected worldwide, mostly in Brazil, US, & Mexico. Google removed 24 malicious apps, but the operation is still evolving.
Forwarded from The Hacker News
🚨 China-linked MirrorFace just carried out a stealthy attack on a European diplomatic group—using:
🔹 ANEL backdoor—revived after 6 years
🔹 AsyncRAT & HiddenFace malware
🔹 Stealthy access via VS Code Remote Tunnels
Learn more: https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html
Forwarded from The Hacker News
🚨 331 Malicious Android Google Play Apps, 60 Million+ Downloads!
The Vapor scam used:
🔹 Full-screen ads—locking devices
🔹 Phishing attacks—stealing credentials & credit cards
🔹 Hidden icons & impersonation—evading detection
🔹 Versioning tricks—turning clean apps malicious later
⚠️ Check your phone NOW. Delete suspicious apps!
🔗 Full details — https://thehackernews.com/2025/03/new-ad-fraud-campaign-exploits-331-apps.html
Forwarded from The Hacker News
🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – CVSS 10.0!
A severe authentication bypass flaw allows attackers to:
🔹 Remotely control servers & deploy malware
🔹 Tamper with firmware, brick motherboards & cause reboot loops
🔹 Potentially damage hardware
⚠️ Affected: HPE, ASUS, ASRockRack & more
🔗 Read more: https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html
📢 Admins: Patch ASAP! Patches released (March 11, 2025), OEM updates required.
Forwarded from The Hacker News
🚨 WARNING: Windows Zero-Day!
A still-unpatched flaw (ZDI-CAN-25373) in Windows has been actively exploited since 2017 by state-backed hackers from China, Russia, Iran & North Korea for cyber espionage & data theft.
🔹 1,000+ malicious .LNK files discovered
🔹 Targets: Governments, banks, telecoms, defense sectors
Learn more: https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html
Microsoft won’t release a patch, citing “low severity”
Forwarded from The Hacker News
🔥 Breaking: Google is acquiring cloud security firm Wiz for $32 Billion—its largest deal in history.
💰 Largest acquisition in Google’s history
🛡️ Boosts AI-powered cloud security
🌍 Wiz remains independent, still working with AWS, Azure, Oracle
https://thehackernews.com/2025/03/google-acquires-wiz-for-32-billion-in.html
Forwarded from The Hacker News
🚨 Android Threat Hunters, Your Job Just Got Easier!
ANY.RUN has just released a brand-new OS designed for real-time Android threat analysis inside a secure sandbox environment.
Now, businesses and security teams can:
✅ Detect Android threats faster
🔍 Investigate APK behavior in real time
⚡ Speed up incident response
💰 Reduce cybersecurity costs
Best part? It’s available for all plans—even FREE users!
👉 Try now: https://thn.news/malware-sandbox-android-tg
Forwarded from The Hacker News
🚨 Is Your Okta Environment Secure? Even with best practices, misconfigurations and identity sprawl can leave your system exposed.
⚠️ Key risks:
➝ Inactive admin accounts & weak MFA
➝ Misconfigured security settings
➝ Forgotten API tokens granting access
➝ Lingering access for ex-employees
🔗 Learn how to protect your identity infrastructure: https://thehackernews.com/2025/03/how-to-improve-okta-security-in-four.html
Forwarded from The Hacker News
🛑 New Rules File Backdoor attack lets hackers poison AI-powered tools like GitHub Copilot & Cursor, injecting hidden malicious code into projects.
🔹 Invisible backdoors via Unicode tricks
🔹 Supply chain risk—spreads across repos
🔹 No alerts—developers unknowingly ship compromised code
Review AI-generated code carefully—your “trusted assistant” might be compromised.
🔗 Learn more: https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html
Forwarded from The Hacker News
🚨 GitHub Actions are under attack!
A supply chain attack hit tj-actions/changed-files, leaking AWS keys, GitHub PATs & more. CISA confirms active exploitation.
🔹 CVE-2025-30066 (CVSS 8.6)
🔹 Attack spread via another compromised Action
🔹 Sensitive secrets exposed via logs
Details: https://thehackernews.com/2025/03/cisa-warns-of-active-exploitation-in.html
⚠️ Rotate secrets, audit workflows, pin actions to commits—this won’t be the last attack.
Forwarded from The Hacker News
🚨 Critical SCADA Flaws — Researchers uncovered 2 critical vulnerabilities (CVSS 9.3) in mySCADA myPRO, allowing attackers to execute system commands & hijack operations.
🔹 CVE-2025-20014 & CVE-2025-20061
🔹 Full Industrial Network Compromise Possible
Details here: https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html
Forwarded from The Hacker News
🚨 ClearFake Malware Spreading Fast!
Hackers use fake reCAPTCHA & Cloudflare checks to deploy Lumma & Vidar Stealer malware.
🔹 9,300+ infected sites
🔹 200,000+ users exposed (July 2024)
🔹 Now using Binance Smart Chain for stealth
Learn more: https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html
Forwarded from The Hacker News
🛡 Top 7 AI Risk Mitigation Strategies
AI security secrets? Discover the 7 essential concepts, techniques, and mitigation strategies for securing your AI pipelines.
Learn more: https://thn.news/genai-security-cheat-sheet
Forwarded from The Hacker News
⚠️ SaaS identity attacks are exploding!
Hackers are stealing credentials, hijacking logins, and abusing privileges—yet most security tools overlook SaaS identity threats.
🛡️ The Fix? Identity Threat Detection & Response (ITDR)
🔗 Secure SaaS now → https://thehackernews.com/2025/03/5-identity-threat-detection-response.html
Forwarded from The Hacker News
🔥 Russia’s Role in Cybercrime Just Got Exposed!
200,000+ leaked messages expose direct ties between the ransomware gang & Russian officials.
🔹 AI-powered fraud & malware dev
🔹 Leader escaped via a "green corridor"
Read the full story 👇 https://thehackernews.com/2025/03/leaked-black-basta-chats-suggest.html
Forwarded from The Hacker News
🚨 Severe PHP Flaw Under Attack.
Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers.
🔹 54% of attacks target Taiwan
🔹 5% deploy XMRig miner
🔹 PHP CGI mode at risk
Patch NOW before your servers become a battleground.
🔗 Learn more: https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html
Forwarded from Police frequency
DEVELOPING! Hidden Bluetooth Chip Commands Could Put a Billion Devices at Risk.
Undocumented commands in a popular Bluetooth chip could allow hackers to spoof devices and access data.
Forwarded from
The ESP32 Bluetooth Backdoor That Wasn’t.
https://hackaday.com/2025/03/10/the-esp32-bluetooth-backdoor-that-wasnt/
Hackaday
The ESP32 Bluetooth Backdoor That Wasn’t
Recently there was a panicked scrambling after the announcement by [Tarlogic] of a ‘backdoor’ found in Espressif’s popular ESP32 MCUs. Specifically a backdoor on the Bluetooth si…
Forwarded from Bones' Tech Garage
We can agree with what is stated on why we like Linux Mint most. GNOME can be RAM heavy. Cinnamon in recent tests ran at a clean 1GB of memory at idle. GNOME takes around 2GB of RAM at idle. It may not seem like a lot with modern RAM amounts, but on low-resource systems it can make a clear difference.
https://www.maketecheasier.com/why-i-left-ubuntu-and-choose-linux-mint/
Make Tech Easier
Why I Left Ubuntu and Choose Linux Mint as My Primary OS - Make Tech Easier
In this article, I'll walk you through my journey of moving from Ubuntu to Linux Mint distro as my daily driver OS.