CISA orders feds to patch Windows flaw exploited as zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems ...
The Hacker News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...

Attack of the killer script kiddies

For decades, this type of no-skill hacker, known as a script kiddie, has wreaked havoc, running scripts they ripped from the ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.

No Microsoft Patch—All Windows Versions Likely At Risk From PhantomRPC

Security researchers have uncovered an unpatched Windows security bug with effectively unlimited potential attack ...

Hacker who allegedly carried out cyberattacks for China is extradited to US

Xu Zewei is accused of participating in a Chinese government hacking group that broke into thousands of U.S. organizations ...
SecurityWeek

No Patch for New PhantomRPC Privilege Escalation Technique in Windows

The PhantomRPC Windows vulnerability allows attackers to elevate their privileges to System by using a fake RPC server.

Google issues new 'warning' in Microsoft Teams chat invitations and helpdesk scam

Google has warned about a new cybercrime group that uses Microsoft Teams chat invitations and fake helpdesk messages to steal ...

Alleged Silk Typhoon hacker extradited to US for cyberespionage

A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
Hosted on MSN

Python scripts that save you hours

Python automation is transforming how people handle repetitive tasks, from organizing messy folders to processing data and monitoring systems. With just a few lines of code, you can replace expensive ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...