News

The Hacker News7h
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
New research shows 9% of Microsoft Entra SaaS apps are vulnerable to nOAuth abuse, allowing full account takeovers.
The Hacker News15h
SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
SonicWall and ConnectWise security breaches enable Trojan and remote access malware targeting VPN users and AI tool seekers.
The Hacker News15h
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages
Contagious Interview, first publicly documented by Palo Alto Networks Unit 42 in late 2023, is an ongoing campaign undertaken ...
The Hacker News19h
Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options
Microsoft offers Windows 10 ESU program with free cloud sync or paid options for extra year of security updates.
The Hacker News14h
Beware the Hidden Risk in Your Entra Environment
Guest users in Entra ID may exploit billing roles to create and control subscriptions, escalating access undetected.
The Hacker News10h
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
The disclosure comes as Citrix patched a critical-rated security flaw in NetScaler (CVE-2025-5777, CVSS score: 9.3) that ...
The Hacker News13h
Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue
The first of the two approaches, dubbed bad shares, entails banning the mining proxy from the network, which, in turn, ...
The Hacker News10h
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
Chinese Salt Typhoon actors exploit Cisco vulnerability to target global telecom providers, including Canadian devices ...
The Hacker News9h
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC
Citrix releases urgent patches for CVE-2025-6543 in NetScaler ADC, a critical flaw affecting multiple versions. CVSS score 9.2.