The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
Bleeping Computer

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to ...
The New York Times

F.T.C. Settles With Express Scripts Over High Insulin Prices

The Trump administration announced that the company, a pharmacy benefit manager, had agreed to make significant changes to its practices. By Rebecca Robbins and Reed Abelson The reporters have ...
Benzinga.com

Could AI Agents Exploit Ethereum, XRP, Solana? Anthropic Says It's Possible

AI firm Anthropic says its latest tests showed AI agents autonomously hacking top blockchains and draining simulated funds, signaling that automated exploits may now threaten blockchains like Ethereum ...
CoinDesk

Anthropic Research Shows AI Agents Are Closing In on Real DeFi Attack Capability

AI agents are getting good enough at finding attack vectors in smart contracts that they can already be weaponized by bad actors, according to new research published by the Anthropic Fellows program.
CoinDesk

Balancer Hit by Apparent Exploit as $110M in Crypto Moves to New Wallets

Balancer, a decentralized finance (DeFi) protocol with over $750 million in value locked, appears to have been hit by its biggest exploit yet, with on-chain data showing upward of $110 million in ...
Forbes

Ongoing Ransomware Attacks Exploit Linux Vulnerability, CISA Warns

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Admit it: the first thing you think of when ransomware is ...
CoinTelegraph

Bunni DEX paused following $2.4M exploit of liquidity function

A flaw in Bunni’s custom liquidity logic allowed an attacker to drain about $2.4 million in stablecoins, prompting the platform to pause all contracts. Decentralized exchange Bunni fell victim to an ...
Forbes

VMware Hacked As $150,000 Zero-Day Exploit Dropped

Pwn2Own hackers use $150,000 exploit on VMware ESXi. The elite hackers attending Pwn2Own in Berlin have made hacking history by successfully deploying a zero-day exploit against VMware ESXi. Having ...
The Verge

Xbox 360 consoles can now be hacked with just a USB key

You don’t need to open up your Xbox 360 console for this mod, but you will need some time and patience. You don’t need to open up your Xbox 360 console for this mod, but you will need some time and ...
Bleeping Computer

Fake LDAPNightmware exploit on GitHub spreads infostealer malware

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The ...
Dark Reading

1 PoC Exploit for Critical RCE Flaw, but 2 Patches From Veeam

A researcher has released a proof-of-concept (PoC) exploit and analysis for a critical vulnerability, tracked as CVE-2024-40711, used in Veeam's backup and replication software. As an unauthenticated ...