The Hacker News
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
An unpatched security flaw impacting the Edimax IC-7100 network camera has been exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024.
The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a
The Hacker News
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure.
The vulnerability, tracked as CVE-2025-24813, affects the following versions:
Apache Tomcat 11.0.0-M1 to 11.0.2
Apache Tomcat 10.1.0-M1 to 10.1.34
Apache Tomcat 9.0.0-M1 to 9.0.98
It concerns a
The Hacker News
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data.
The malware contains capabilities to "steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored
The Hacker News
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem.
This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in
The Hacker News
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL.
The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to World Expo, which is scheduled to kick off in
The Hacker News
How to Improve Okta Security in Four Steps
While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts.
Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this
The Hacker News
New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks.
"The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with
The Hacker News
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions.
The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity.
"A local or remote attacker can exploit the vulnerability by accessing the
The Hacker News
Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security
Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion.
"This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today.
It added the acquisition, which is
The Hacker News
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.
The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden
The Hacker News
New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code.
"This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent
The Hacker News
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog.
The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote
The Hacker News
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems.
"These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially
The Hacker News
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small
The Hacker News
ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer.
ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector.
The
The Hacker News
Watch This Webinar to Learn How to Eliminate Identity-Based Attacks - Before They Happen
In today's digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks, like phishing, adversary-in-the-middle, and MFA bypass, remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place?
Our upcoming
The Hacker News
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities.
The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month.
According to an analysis of the messages by cybersecurity company
The Hacker News
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT.
The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code.
Cybersecurity company