From The Hacker News – Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

From The Hacker News – Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,
From The Hacker News – The Future of Serverless Security in 2025: From Logs to Runtime Protection

From The Hacker News – The Future of Serverless Security in 2025: From Logs to Runtime Protection

Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is
From The Hacker News – XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

From The Hacker News – XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package, named @0xengine/xmlrpc, was originally published on October 2, 2023 as a JavaScript-based XML-RPC
From The Hacker News – Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

From The Hacker News – Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware

A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique