The Hacker News

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

CISA adds four actively exploited vulnerabilities to its KEV catalog, including Chrome RCE, Zimbra SSRF, Windows ActiveX, and ...
Security Boulevard

ACFW firewall test prologue – still failing at the basics

The results of our soon-to-be-published Advanced Cloud Firewall (ACFW) test are hard to ignore. Some vendors are failing badly at the basics like SQL injection, command injection, Server-Side Request ...
SecurityWeek

Fresh SolarWinds Vulnerability Exploited in Attacks

The critical-severity SolarWinds Web Help Desk flaw could lead to unauthenticated remote code execution. Threat actors are exploiting a critical-severity SolarWinds vulnerability that was patched last ...
IEEE

Side Channel Attacks on Resource-Constrained Devices Enabled Through Secure Cloud Outsourcing

Abstract: Side-Channel Attacks (SCAs) now require more side-channel traces for successful execution, which places more stringent requirements on the storage capacity and computational ability of the ...
CNN

Russia says it agreed to pause strikes on Kyiv until Sunday at Trump’s request

US President Donald Trump claimed his Russian counterpart Vladimir Putin agreed to a week-long pause in attacks on major Ukrainian cities, including the capital, Kyiv, as the country grapples with ...
New York Post

Trump says Putin agreed to a 1-week pause in Ukraine attacks after his personal phone request

President Trump personally implored Russian dictator Vladimir Putin to halt missile and drone strikes on Ukrainian cities for a week, as civilians face deadly cold and widespread blackouts caused by ...
The Escapist

Embark reveals DDoS attacks are causing ARC Raiders and The Finals server issues

ARC Raiders’ latest patch with many new meta events has dropped. And while the new big patch is causing various bugs and issues, it turns out it’s not entirely to blame. Hostile actors are attacking ...
GitHub

OfirGavish/DragonWatch-SSRF-Demo

A visually stunning, intentionally vulnerable Website Uptime Monitoring application designed for Azure WAF security demonstrations at conferences. Features a professional dragon theme with glass ...
Dark Reading

Critical Telnet Server Flaw Exposes Forgotten Attack Surface

Threat actors are exploiting a critical vulnerability that affects hundreds of thousands of telnet servers, bringing an often-neglected threat vector back into the limelight. One Monday, the US ...
Bleeping Computer

Nearly 800,000 Telnet servers exposed to remote attacks

Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils ...
IEEE

Improving Transferability of Adversarial Examples via Bayesian Attacks

Abstract: The transferability of adversarial examples allows for the attack on unknown deep neural networks (DNNs), posing a serious threat to many applications and attracting great attention. In this ...