The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
CSO Online

Ivanti patches critical Sentry flaws that lead to full device takeover

Two vulnerabilities in the secure mobile gateway appliance allow unauthenticated attackers to bypass authentication and ...

C0XMO botnet spreads via DD-WRT router flaw, kills rival malware

A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with ...

Miasma worms its way onto GitHub as attack kit goes open source

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
CSOonline

Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems

Two flaws in the widely used open-source editor can be triggered through manipulated configuration files, prompting security updates from the project's maintainers. Two arbitrary code execution ...
Bleeping Computer

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...
TechRepublic

Cisco Patches Three Critical Vulnerabilities – Here are the Products Affected

Three separate vulnerabilities impact Cisco’s identity services. All have been patched. Severe vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...