Google says ShinyHunters hackers targeting education sector via Oracle exploit

Alphabet's cybersecurity unit Mandiant and Google Threat Intelligence Group said Thursday they had identified an ​active ...
Lifehacker

Update Chrome ASAP to Protect Yourself From This Active Exploit

Jake Peterson is Lifehacker’s Tech Editor, and has been covering tech news and how-tos for nearly a decade. His team covers all things technology, including AI, smartphones, computers, game consoles, ...
GitHub

POOPS PS5 Autoloader - BD-J Kernel Exploit & ELF Autoloader

It's Poops-PS5-Java chained with 'ps5_autoloader.elf' For implemented ISO, go check BD-UN-JB-Poops-Autoloader. 'Poops.java' is Java port of the poops_ps5.lua IPv6 UAF kernel exploit originally ...
Infosecurity-magazine.com

AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January

A prolific ransomware group has been exploiting a zero-day vulnerability in a Cisco firewall product since January, according to a new analysis from AWS. AWS CISO, CJ Moses, warned yesterday that the ...
The Hacker News

Java | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm ...
The Hacker News

Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The ...
Bleeping Computer

Apache Parquet exploit tool detect servers vulnerable to critical flaw

A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. The tool was ...
Dark Reading

China's Volt Typhoon Exploits Zero-Day in Versa's SD-WAN Director Servers

China's notorious Volt Typhoon group has been actively exploiting a zero-day bug in Versa Networks' Director Servers, to intercept and harvest credentials to be used future attacks. The bug, now ...
Bleeping Computer

Exploit for CrushFTP RCE chain released, patch now

Eventually, the attackers can leverage the 'sessions. obj' file in the program's installation folder to hijack live user sessions belonging to admin accounts, essentially achieving privileged ...
Ars Technica

Exploit released for 9.8-severity PaperCut flaw already under attack

Exploit code for a critical printer software vulnerability became publicly available on Monday in a release that may exacerbate the threat of malware attacks that have already been underway for the ...
InfoQ

Upgrade to Apache Commons Text 1.10 to Avoid New Exploit

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...