RSS Dashboard

The Hackers News

Microsoft Security Response Centre

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the… [...]

Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers'… [...]

Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts

GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps… [...]

Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities

A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The… [...]

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho… [...]

Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit (SDK) that includes defense-in-depth feature improvements.… [...]

When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru… [...]

The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to… [...]

Summary: Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of… [...]

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize… [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

The NCSC's threat report is drawn from recent open source reporting. [...]

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the… [...]

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the… [...]

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the… [...]

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target… [...]

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics framework is required to exploit this vulnerability but attack vectors may… [...]

Severity: Low CISA Medical Advisory released for four vulnerabilities found in four Sigma Spectrum and two Baxter Spectrum product lines CISA Medical Advisory released for four vulnerabilities found in four… [...]

Severity: Information only Update for the Berkeley Internet Name Domain system Update for the Berkeley Internet Name Domain system Updated: 23 Sep 2022 [...]

Severity: Medium CISA have announced that a critical vulnerability affecting Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus is being actively exploited CISA have announced that a critical… [...]

Severity: Medium Microsoft security update addresses a spoofing vulnerability in Endpoint Configuration Manager Microsoft security update addresses a spoofing vulnerability in Endpoint Configuration Manager Updated: 22 Sep 2022 [...]

Severity: Information only Dataprobe has released firmware updates to address several critical and high-severity vulnerabilities in iBoot-PDU power distribution units Dataprobe has released firmware updates to address several critical and… [...]

Severity: Low Five vulnerabilities affect Contec's ICU CCU Vital Signs Patient Monitor Five vulnerabilities affect Contec's ICU CCU Vital Signs Patient Monitor Updated: 22 Sep 2022 [...]

Severity: Low Two out-of-bounds read and write issues are causing vulnerabilities in the Hillrom medical device management tools, which are Welch Allyn products. Two out-of-bounds read and write issues are… [...]

Severity: Low CISA Medical Advisory released for six vulnerabilities found in two Sigma Spectrum and four Baxter Spectrum product lines CISA advisory released for six vulnerabilities found in two Sigma… [...]

Severity: High Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions Updated: 16… [...]

Severity: Information only Security update addresses one Critical vulnerability, three High severity vulnerabilities and one Medium severity vulnerability. Security update addresses one Critical vulnerability, three High severity vulnerabilities and one… [...]

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.