News

The Hacker News22h
Why NHIs Are Security's Most Dangerous Blind Spot
Non-Human Identities, for the most part, authenticate using secrets: API keys, tokens, certificates, and other credentials ...
The Hacker News22h
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully ...
The Hacker News21h
New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework
"SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated ...
The Hacker News22h
Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
xrpl.js is a popular JavaScript API for interacting with the XRP Ledger blockchain, also called the Ripple Protocol, a ...
The Hacker News19h
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Darcula was first documented by the cybersecurity company in March 2024 as a toolkit that leveraged Apple iMessage and RCS to send smishing messages to users that trick recipients into clicking on ...
The Hacker News19h
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
"In 2023, UNC3782 conducted phishing operations against TRON users and transferred more than $137 million USD worth of assets in a single day," the company noted. "UNC3782 launched a campaign in 2024 ...