Aggregator

ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers(link is external)

The Hackers News
2 months 4 weeks ago
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector. The
The Hacker News

Sophisticated Attack Via Booking Websites Installs LummaStealer Malware(link is external)

Cyber Security News
2 months 4 weeks ago

Cybercriminals have launched a new sophisticated attack campaign targeting travelers through fake booking websites. The campaign, discovered in early 2025, tricks users into installing LummaStealer malware through deceptive CAPTCHA verification processes, putting personal and financial information at risk. The attack begins when unsuspecting victims visit what appears to be a legitimate booking confirmation page. Before […]

The post Sophisticated Attack Via Booking Websites Installs LummaStealer Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks(link is external)

Security Affairs
2 months 4 weeks ago
The Rules File Backdoor attack targets AI code editors like GitHub Copilot and Cursor, making them inject malicious code via a supply chain vulnerability. Pillar Security researchers uncovered a dangerous new supply chain attack vector called ‘Rules File Backdoor.’ Threat actors could use the technique to silently compromise AI-generated code by injecting malicious code. The attack […]
Pierluigi Paganini

5 Identity Threat Detection & Response Must-Haves for Super SaaS Security(link is external)

The Hackers News
2 months 4 weeks ago
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small
The Hacker News

CVE-2024-6382(link is external)

CVE Trends
2 months 4 weeks ago
Currently trending CVE - Hype Score: 3 - Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2

Managed ad