The Hacker News

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Critical out-of-bounds read in Ollama before 0.17.1 leaks process memory including API keys from over 300000 servers via ...
Dark Reading

China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm

The cyberthreat group targets an Azerbaijani oil-and-gas firm with repeated attack, as the China-linked actors extend ...

Top download manager JDownloader hacked — installers replaced with dangerous malware

Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Dark Reading

Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia

More than 1,600 malicious messages from the China-backed APT group deliver the previously undocumented ABCDoor backdoor and ...
How-To Geek on MSN

4 things I never thought I could do on Android until I discovered Termux

The new terminal app that transforms phones into productivity tools.
cryptopolitan

Fake OpenAI repo hits 244K downloads, ships crypto wallet stealer

A fake repository mimicking OpenAI’s Privacy Filter on Hugging Face accumulated ~244,000 downloads before being removed. It delivered a multi-stage Rust infostealer ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...
The Hacker News

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Weekly cybersecurity recap covering zero-days, malware, phishing, supply chain attacks, cloud threats, AI security risks, and ...
WeLiveSecurity

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via ...

Hackers used Daemon Tools' own website to silently install backdoors on thousands of PCs for nearly a month

Cybersecurity researchers at Kaspersky found that the attack compromised multiple versions of Daemon Tools, from 12.5.0.2421 through 12.5.0.2434. What made the campaign particularly difficult to ...