The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...
CSOonline

Why some security fixes never reach your vulnerability dashboard

CVE was built to track code flaws with fixes. It’s now being stretched to cover malware and supply chain incidents that don’t fit. Agent infrastructure and AI assets are where that drift becomes ...
TechRepublic

Hackers Pose as IT Staff in Microsoft Teams to Install Malware

Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks. Microsoft Teams impersonation and social ...
Security Boulevard

APT37 Adds New Capabilities for Air-Gapped Networks

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
TechRepublic

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more. A new social engineering campaign is abusing ...
LinkedIn

From Userland to Kernel: A Deep Dive into Linux Process Injection with ptrace()

In the world of cybersecurity, understanding the deepest layers of the operating system isn't just academic—it's essential. For those of us defending, analyzing, or testing Linux environments, the ...
WeLiveSecurity

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

In this blogpost, ESET researchers provide an analysis of Spellbinder, a lateral movement tool for performing adversary-in-the-middle attacks, used by the China-aligned threat actor that we have named ...
Microsoft

Code injection attacks using publicly disclosed ASP.NET machine keys

In December 2024, Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver ...
WeLiveSecurity

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a previously unknown vulnerability in Mozilla products, exploited in the wild by Russia-aligned group RomCom. This is at least the second time that RomCom has been caught ...
LinkedIn

Process Injection Techniques - (Process Hollowing, Thread Execution Hijacking, DLL Injection, and PE Injection)

Before going into these injection techniques, it’s important to understand the key components of a process that we can exploit. By having good knowledge of these components, we can use them to our ...
SDxCentral

#StopRansomware: Phobos Ransomware

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat ...