Category: news

  • Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

    The Hacker News: Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure.
    Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719

  • React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

    The Hacker News: The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.
    “KSwapDoor is a professionally engineered remote access tool designed with stealth in mind,” Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in a

  • Google to Shut Down Dark Web Monitoring Tool in February 2026

    The Hacker News: Google has announced that it’s discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web.
    To that end, scans for new dark web breaches will be stopped on January 15, 2026, and the feature will cease to exist effective February 16, 2026.
    “While the report offered general

  • China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

    The Hacker News: The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America.
    Check Point Research is tracking the cluster under the name Ink Dragon. It’s also referenced by the broader cybersecurity community under the names CL-STA-0049, Earth Alux, and REF7707. The

  • GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

    The Hacker News: A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud.
    The extensions have been collectively downloaded over 50,000 times, according to Koi Security, which discovered the campaign. The add-ons are no longer available.

  • Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

    The Hacker News: An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining.
    The activity, first detected by Amazon’s GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper

  • Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data

    The Hacker News: Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer.
    The malicious package, named “Tracer.Fody.NLog,” remained on the repository for nearly six years. It was published by a user named “csnemess” on February 26, 2020. It masquerades as “Tracer.Fody,”

  • CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

    The Hacker News: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
    CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploited to achieve remote code

  • ⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

    The Hacker News: If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready.
    Below, we list the urgent updates you need to install right now to stop these active threats.
    ⚡ Threat of the Week
    Apple and

  • A Browser Extension Risk Guide After the ShadyPanda Campaign

    The Hacker News: In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale.
    A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into