News

The Hacker News2h
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited ...
The Hacker News3h
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
PumaBot hijacks Linux IoT devices via SSH brute-force, fakes Redis services, and mines crypto using stealthy rootkits.
The Hacker News4h
From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
Session hijacking now drives enterprise breaches—88% involve stolen credentials, often exploited within hours.
The Hacker News5h
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
Mimo exploits CVE-2025-32432 in Craft CMS days after disclosure, deploying cryptominer and proxyware for monetization.
The Hacker News6h
How 'Browser-in-the-Middle' Attacks Steal Sessions in Seconds
The attack works by targeting session tokens. This enables the attackers to subvert even multi-factor authentication (MFA); ...
The Hacker News6h
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Amazon-hosted IPs scanned 75 tech targets on May 8 in a one-day exploit surge, showing orchestrated cloud-based recon.
The Hacker News10h
Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more ...
The Hacker News23h
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a ...