The Hacker News

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
Gadget Review on MSNOpinion

The great juice jacking scam: Why the FBI warns about a hack that doesn't exist

Juice jacking warnings persist despite zero confirmed attacks on modern phones, while simple precautions like USB data ...

Wireless Headphones Attack Can Spy On Your Smartphone — Update Now

Vulnerabilities affecting wireless earbuds and headphones from major brands could have enabled attackers to listen in and ...
GitHub

Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

See openssh.patch for a simple patch to openssh that logs any connection attempt with a public key N matching the backdoor format. The backdoor uses a hardcoded ED448 public key for signature ...
The Hacker News

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high ...
GitHub

CVE-2024-4577 PoC Exploit

This repository contains a proof-of-concept (PoC) exploit for CVE-2024-4577, a critical vulnerability affecting all versions of PHP running on Windows. The vulnerability allows attackers to execute ...