Information Security News|Cyber Security|Hacking Tutorial

Online shops plundered by bank card-stealing malware after bungling backend Aptos hacked

On: March 2, 2017

We were silenced by the Feds!’. Shoppers of 40 online stores have had their bank card numbers and addresses slurped by a malware infection at backend provider Aptos. The securityRead More →

Two new Mac backdoors discovered

On: March 1, 2017

In: Malware, Vulnerabilities

On Valentine’s Day, Mac users got a special “treat” in the form of new malware. Then, later that same week, there were signs of yet another piece of malware looming. These threatsRead More →

Google Helps News Sites Thwart DDoS Attacks

Massive Necurs Spam Botnet Now Equipped to Launch DDoS Attacks

On: March 1, 2017

In: Incidents

With more than one million active bots at any time, a Necurs-enabled DDoS attack could dwarf such an attack by the Mirai botnet. In an ominous development, the world’s largestRead More →

XSS flaws in Zscaler Cloud management software allow logged attackers to hack coworkers

On: March 1, 2017

In: Important, Incidents, Malware, Vulnerabilities

Zscaler has fixed persistent XSS vulnerabilities affecting Zscaler Cloud management software that allow logged attackers to hack coworkers. Serious cross-site scripting (XSS) flaws in the Zscaler Cloud management software could be exploitedRead More →

DRIDEX TROJAN GETS A MAJOR ‘ATOMBOMBING’ UPDATE

On: March 1, 2017

In: Malware

The Dridex banking Trojan has been updated and now sports a new injection method for evading detection based on the technique known as AtomBombing. Researchers with IBM X-Force identified the newRead More →

ESET antivirus cracks opens Apple Macs to remote root execution via man-in-middle diddle

On: March 1, 2017

In: Incidents, Vulnerabilities

Bored hacker looking for fun? We couldn’t possibly suggest you attack the latest vulnerability in ESET’s antivirus software, because it’s too basic to offer any challenge at all. As outlinedRead More →

Stuffed toys database left personal data exposed, says security expert

On: February 28, 2017

In: Incidents

Internet of Things database containing personal information was indexed by Shodan search engine. The database behind an internet-connected cuddly toy exposed the account information of over 800,000 users, while aRead More →

Critical SQL Injection Vulnerability Found in NextGEN Gallery WordPress Plugin

On: February 28, 2017

In: Vulnerabilities

The vulnerability can lead to attackers grabbing data from website database or user sensitive information. A new SQL Injection vulnerability was discovered in the NextGen Gallery plugin for WordPress, allowingRead More →

Web Cache Deception Attack

On: February 28, 2017

In: Important, Incidents, Malware, Vulnerabilities

A few words about caching and reactions Websites often tend to use web cache functionality (for example over a CDN, a load balancer, or simply a reverse proxy). The purposeRead More →

Online shops plundered by bank card-stealing malware after bungling backend Aptos hacked

Two new Mac backdoors discovered

Massive Necurs Spam Botnet Now Equipped to Launch DDoS Attacks

DRIDEX TROJAN GETS A MAJOR ‘ATOMBOMBING’ UPDATE

ESET antivirus cracks opens Apple Macs to remote root execution via man-in-middle diddle

Stuffed toys database left personal data exposed, says security expert

Critical SQL Injection Vulnerability Found in NextGEN Gallery WordPress Plugin

Web Cache Deception Attack

How Hackers Intercept Mobile OTP and Calls Without ‘Hacking’ — The Shocking Power of SIM Boxes

TunnelCrack: Two serious vulnerabilities in VPNs discovered, had been dormant since 1996

How to easily hack TP-Link Archer AX21 Wi-Fi router

US Govt wants new label on secure IoT devices or wants to discourage use of Chinese IoT gadgets

24,649,096,027 (24.65 billion) account usernames and passwords have been leaked by cyber criminals till now in 2022

This Hidden Comet/Atlas AI Browser Flaw That Hackers Are Exploiting

How to Use Google’s OSS Rebuild: A New Open Source Software Supply Chain Security Tool

MFA? Irrelevant. CitrixBleed 2 Lets Hackers Take Over Without Logging In

MotW Bypassed: Zero Warning, Full Control – New WinRAR Flaw Silently Bypasses Windows Security

New Vulnerability in GCP Cloud Run Shows Why Least Privilege Isn’t Enough

Forget Metasploit: Inside Predator’s Zero-Click Advertising-Driven Phone Hacking System

How Hackers Intercept Mobile OTP and Calls Without ‘Hacking’ — The Shocking Power of SIM Boxes

13 Insanely Easy Techniques to Hack & Exploit Agentic AI Browsers

How to Use Google’s OSS Rebuild: A New Open Source Software Supply Chain Security Tool

Phishing 2.0: AI Tools Now Build Fake Login Pages That Fool Even Experts

How TokenBreak Technique Hacks OpenAI, Anthropic, and Gemini AI Filters — Step-by-Step Tutorial

Comparing Top 8 AI Code Assistants: Productivity Miracle or Security Nightmare. Can You Patent AI Code Based App?

No Login Required: How Hackers Hijack Your System with Just One Keystroke: utilman.exe Exploit Explained

How to Send DKIM-Signed, 100% Legit Phishing Emails — Straight from Google That Bypass Everything

A Malware That EDR Can’t See?If You Rely on Antivirus for Protection, Read This Before It’s Too Late!

Live Malware Code Mutation: How AI Generates Evasive Malware

Backdooring ATMs via Bootloader? These Hackers Showed It’s Still Possible in 2025”

How Lynx Ransomware Extorts Millions from U.S. Companies

A Malware That EDR Can’t See?If You Rely on Antivirus for Protection, Read This Before It’s Too Late!

Top 2 Malicious Python Packages You Must Avoid! Zebo-0.1.0 & Cometlogger-0.1

Cyber Security Channel

How to easily hack TP-Link Archer AX21 Wi-Fi router

US Govt wants new label on secure IoT devices or wants to discourage use of Chinese IoT gadgets

24,649,096,027 (24.65 billion) account usernames and passwords have been leaked by cyber criminals till now in 2022