From The Hacker News – BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
Posted inNews

From The Hacker News – BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
From The Hacker News – Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Posted inNews

From The Hacker News – Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a
From The Hacker News – GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
Posted inNews

From The Hacker News – GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all
From The Hacker News – Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
Posted inNews

From The Hacker News – Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font
From The Hacker News – Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
Posted inNews

From The Hacker News – Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,