Forwarded from The Hacker News
🚨 One Day. 251 IPs. 75 Targets.
Experts detected a wave of Japan-based, Amazon-hosted IPs scanning 75 exposure points in hours.
CVEs hit: ColdFusion (CVE-2018-15961), Struts (CVE-2017-5638), Elasticsearch (CVE-2015-1427)
See what was targeted → https://thehackernews.com/2025/05/251-amazon-hosted-ips-used-in-exploit.html
Experts detected a wave of Japan-based, Amazon-hosted IPs scanning 75 exposure points in hours.
CVEs hit: ColdFusion (CVE-2018-15961), Struts (CVE-2017-5638), Elasticsearch (CVE-2015-1427)
See what was targeted → https://thehackernews.com/2025/05/251-amazon-hosted-ips-used-in-exploit.html
Forwarded from The Hacker News
🚨 A new zero-day is under attack — and it’s making money off your CMS.
Hackers are hijacking Craft CMS via a fresh zero-day to mine crypto and sell your bandwidth — all with stealthy new tools. One odd Python trick might help you spot them.
Learn more: https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html
Hackers are hijacking Craft CMS via a fresh zero-day to mine crypto and sell your bandwidth — all with stealthy new tools. One odd Python trick might help you spot them.
Learn more: https://thehackernews.com/2025/05/mimo-hackers-exploit-cve-2025-32432-in.html
Forwarded from The Hacker News
⚠️ You passed MFA. But your session didn’t.
A new attack, Browser-in-the-Middle, tricks users into typing passwords on a hacker’s browser—without knowing it.
It’s fast, invisible, and bypasses MFA.
Learn how it works—and how to stop it before it hits you. 👇 https://thehackernews.com/2025/05/how-browser-in-middle-attacks-steal.html
A new attack, Browser-in-the-Middle, tricks users into typing passwords on a hacker’s browser—without knowing it.
It’s fast, invisible, and bypasses MFA.
Learn how it works—and how to stop it before it hits you. 👇 https://thehackernews.com/2025/05/how-browser-in-middle-attacks-steal.html
Forwarded from The Hacker News
🚨 A new botnet is quietly hijacking Linux-based IoT devices.
PumaBot is targeting embedded Linux IoT devices—brute-forcing SSH, mining crypto, and hijacking credentials.
It impersonates Redis, evades honeypots, and survives reboots using systemd persistence.
🔗 Read: https://thehackernews.com/2025/05/new-pumabot-botnet-targets-linux-iot.html
PumaBot is targeting embedded Linux IoT devices—brute-forcing SSH, mining crypto, and hijacking credentials.
It impersonates Redis, evades honeypots, and survives reboots using systemd persistence.
🔗 Read: https://thehackernews.com/2025/05/new-pumabot-botnet-targets-linux-iot.html
Forwarded from The Hacker News
🚨 Session hijacking just replaced password theft.
Attackers now buy live access to Microsoft 365, AWS, Slack—no passwords, no MFA needed.
Flare analyzed 20M+ stealer logs. What they found changes everything.
👉 How fast it happens—and how to stop it: https://thehackernews.com/2025/05/from-infection-to-access-24-hour.html
Attackers now buy live access to Microsoft 365, AWS, Slack—no passwords, no MFA needed.
Flare analyzed 20M+ stealer logs. What they found changes everything.
👉 How fast it happens—and how to stop it: https://thehackernews.com/2025/05/from-infection-to-access-24-hour.html
Forwarded from The Hacker News
🚨 WARNING →
Apps like ChatGPT and Trello can access your entire OneDrive cloud via Microsoft’s File Picker—even if you upload just one file.
🔓 Overly broad permissions, vague prompts. No fix yet.
🔗 See what’s at risk → https://thehackernews.com/2025/05/microsoft-onedrive-file-picker-flaw.html
Apps like ChatGPT and Trello can access your entire OneDrive cloud via Microsoft’s File Picker—even if you upload just one file.
🔓 Overly broad permissions, vague prompts. No fix yet.
🔗 See what’s at risk → https://thehackernews.com/2025/05/microsoft-onedrive-file-picker-flaw.html
Forwarded from Bones' Tech Garage
Open Snitch requires some knowledge to use effectively and well, but is still considered an excellent standard for application firewall.
https://www.tecmint.com/opensnitch-linux-application-firewall/
https://www.tecmint.com/opensnitch-linux-application-firewall/
OpenSnitch: The Must-Have Application Firewall for Linux
OpenSnitch: A Simple Application Firewall for Linux
In this guide, we’ll explain what OpenSnitch is, why it’s useful, and walk you through its installation and basic usage in a simple and beginner-friendly way.
microG update 2025-05-28:
===========================
Brand new notes:
download
How to download microG files (FOR EXPERIENCED USERS ONLY)
updating
How to update an existing, working microG installation
Updated notes:
info
Updated current versions
Minor cleanup
installation
Added info re: new LOS embedded spoofing solution
General cleanup and update on installer status, etc.
why-microg
Added Huawei info
huawei
Update supported versions
Reference to non-microg google solutions perhaps out there but OT in this group
Update official Huawei support link
====
===========================
Brand new notes:
download
How to download microG files (FOR EXPERIENCED USERS ONLY)
updating
How to update an existing, working microG installation
Updated notes:
info
Updated current versions
Minor cleanup
installation
Added info re: new LOS embedded spoofing solution
General cleanup and update on installer status, etc.
why-microg
Added Huawei info
huawei
Update supported versions
Reference to non-microg google solutions perhaps out there but OT in this group
Update official Huawei support link
====
Forwarded from The Hacker News
🚨 China accused of cyber espionage—again.
Czech Republic publicly blames APT31, a state-linked hacking group, for targeting its Foreign Ministry since 2022. The attack hit critical infrastructure.
🔗 Read the full story: https://thehackernews.com/2025/05/czech-republic-blames-china-linked.html
Czech Republic publicly blames APT31, a state-linked hacking group, for targeting its Foreign Ministry since 2022. The attack hit critical infrastructure.
🔗 Read the full story: https://thehackernews.com/2025/05/czech-republic-blames-china-linked.html
Forwarded from Tech & Leaks Zone
Google advises all Android users to update Instagram app to fix battery drain
On the Android Help Community, Google told users to update Instagram to “fix a battery drain issue on Android devices.”
Google has not provided any other details about the problem, including whether a particular manufacturer (Pixel, Samsung, etc.) or Android OS version is impacted, thus indicating this a widespread enough issue.
Follow @TechLeaksZone
On the Android Help Community, Google told users to update Instagram to “fix a battery drain issue on Android devices.”
Starting today, Instagram is rolling out an updated app that should fix a battery drain issue on Android devices. Please make sure you have the latest version of the Instagram app (build 382.0.0.49.84) to resolve this issue.
Google has not provided any other details about the problem, including whether a particular manufacturer (Pixel, Samsung, etc.) or Android OS version is impacted, thus indicating this a widespread enough issue.
Follow @TechLeaksZone
Forwarded from The Hacker News
🚨 Iranian Hacker Pleads Guilty in U.S. Ransomware Case
Sina Gholinejad, 37, admitted to leading Robbinhood ransomware attacks that hit U.S. cities like Baltimore and Greenville between 2019–2024.
💥 $19M+ in damages
💥 City services shut down for months
💥 Used stolen access + vulnerable drivers to avoid detection
💥 Laundered ransom through crypto mixers
He faces up to 30 years in prison.
👉 Read the full story: https://thehackernews.com/2025/05/iranian-hacker-pleads-guilty-in-19.html
Sina Gholinejad, 37, admitted to leading Robbinhood ransomware attacks that hit U.S. cities like Baltimore and Greenville between 2019–2024.
💥 $19M+ in damages
💥 City services shut down for months
💥 Used stolen access + vulnerable drivers to avoid detection
💥 Laundered ransom through crypto mixers
He faces up to 30 years in prison.
👉 Read the full story: https://thehackernews.com/2025/05/iranian-hacker-pleads-guilty-in-19.html