Hacking Archives - Page 3 of 963

Pierluigi Paganini August 12, 2025

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

Microsoft Patch Tuesday security updates for August 2025 fixed 107 flaws, including a publicly disclosed Windows Kerberos zero-day. Microsoft Patch Tuesday security updates for August 2025 fixed 107 vulnerabilities in Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, GitHub Copilot, Dynamics 365, SQL Server, and Hyper-V Server. 12 vulnerabilities are rated […]

Pierluigi Paganini August 12, 2025

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

Dutch NCSC warns CVE-2025-6543 Citrix bug, a memory overflow flaw, is being exploited to breach critical organizations in the Netherlands. The Dutch NCSC warns that the critical Citrix NetScaler flaw CVE-2025-6543 has been exploited to breach critical organizations in the Netherlands. Dutch NCSC experts pointed out that CVE-2025-6543 was exploited for remote code execution. Threat […]

Pierluigi Paganini August 11, 2025

Chrome sandbox escape nets security researcher $250,000 reward

Researcher earns Google Chrome ’s top $250K bounty for a sandbox escape vulnerability enabling remote code execution. A researcher who goes online with the moniker ‘Micky’ earned $250,000 from Google for reporting a high-severity Chrome vulnerability. The flaw, tracked as CVE-2025-4609, resides in the Mojo IPC system, an attacker can exploit the flaw to escape […]

Pierluigi Paganini August 11, 2025

Smart Buses flaws expose vehicles to tracking, control, and spying

Researchers showed how hackers can exploit flaws in a bus’ onboard and remote systems for tracking, control and spying. Researchers Chiao-Lin ‘Steven Meow’ Yu of Trend Micro Taiwan and Kai-Ching ‘Keniver’ Wang of CHT Security, found that vulnerabilities in smart bus systems could let hackers remotely track, control, or spy on vehicles, exposing risks from […]

Pierluigi Paganini August 11, 2025

MedusaLocker ransomware group is looking for pentesters

MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters. MedusaLocker is a ransomware strain that was first observed in late 2019, it encrypts files on infected systems and demands a ransom, usually in cryptocurrency, for their decryption. The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates can rent […]

Pierluigi Paganini August 10, 2025

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Lenovo webcam flaws, dubbed BadCam, let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks. Eclypsium researchers found vulnerabilities in some Lenovo webcams, collectively dubbed BadCam, that could let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks. Principal security researchers Jesse Michael and Mickey Shkatov demonstrated […]

Pierluigi Paganini August 09, 2025

Embargo Ransomware nets $34.2M in crypto since April 2024

Embargo ransomware, likely a BlackCat/Alphv successor, has netted $34.2M in crypto since mid-2024, researchers say. The Embargo ransomware group has processed $34.2M in crypto since emerging in April 2024, researchers from Blockchain intelligence company TRM Labs report. “TRM Labs has identified approximately USD 34.2 million in incoming transaction volume likely associated with the group, with […]

Pierluigi Paganini August 09, 2025

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware. The WinRAR flaw CVE-2025-8088, a directory traversal bug fixed in version 7.13, was exploited as a zero-day in phishing attacks to deliver RomCom malware, Bleeping Computer first reported. The flaw is a path traversal vulnerability affecting the […]

Pierluigi Paganini August 08, 2025

SonicWall dismisses zero-day fears after Ransomware probe

SonicWall found no evidence of a new vulnerability after probing reports of a zero-day used in ransomware attacks. SonicWall investigated claims of a zero-day being used in ransomware attacks but found no evidence of any new vulnerability in its products. SonicWall launched the investigation after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN […]

Pierluigi Paganini August 07, 2025

Air France and KLM disclosed data breaches following the hack of a third-party platform

Air France and KLM warn of a data breach exposing customer data via unauthorized access to a third-party platform. Air France and KLM reported a data breach after hackers accessed a third-party platform, potentially exposing some customers’ personal information. Both airlines confirmed that threat actors gained access to the platform of an unnamed service provider […]

Hacking

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

Chrome sandbox escape nets security researcher $250,000 reward

Smart Buses flaws expose vehicles to tracking, control, and spying

MedusaLocker ransomware group is looking for pentesters

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Embargo Ransomware nets $34.2M in crypto since April 2024

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

SonicWall dismisses zero-day fears after Ransomware probe

Air France and KLM disclosed data breaches following the hack of a third-party platform

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Apple addressed the seventh actively exploited zero-day

Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection

A Scattered Spider member gets 10 years in prison

FBI: Russia-linked group Static Tundra exploit old Cisco flaw for espionage

US CERT/CC warns of flaws in Workhorse Software accounting software used by hundreds of municipalities in Wisconsin

QUICK LINKS

Hacking

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!