XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells The Hacker [email protected] (The Hacker News)
February 9, 2025

Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, …


Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection The Hacker [email protected] (The Hacker News)
February 7, 2025

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the …


Teen on Musk’s DOGE Team Graduated from ‘The Com’ Krebs on SecurityBrianKrebs
February 7, 2025

Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association …


DeepSeek App Transmits Sensitive User and Device Data Without Encryption The Hacker [email protected] (The Hacker News)
February 7, 2025

A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans …


CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE The Hacker [email protected] (The Hacker News)
February 7, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability …


AI-Powered Social Engineering: Reinvented Threats The Hacker [email protected] (The Hacker News)
February 7, 2025

The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are …


Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection The Hacker [email protected] (The Hacker News)
February 7, 2025

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's …


India’s RBI Introduces Exclusive “bank.in” Domain to Combat Digital Banking Fraud The Hacker [email protected] (The Hacker News)
February 7, 2025

India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to …


Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware The Hacker [email protected] (The Hacker News)
February 6, 2025

Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion …


Experts Flag Security, Privacy Risks in DeepSeek AI App Krebs on SecurityBrianKrebs
February 6, 2025

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, …