Tech Affare

Category: news

  • China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

    China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

    The Hacker NewsA threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year.
    Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.​Read More

  • Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

    Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

    The Hacker NewsCisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686.
    The vulnerability, tracked as CVE-2025-20393 (CVSS​Read More

  • Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

    Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

    The Hacker NewsCybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem.
    “The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer​Read More

  • North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

    North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews

    The Hacker NewsAs many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, marketing, and software development sectors in Europe, South Asia, the Middle East, and Central America.
    The new findings​Read More

  • Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

    Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws

    The Hacker NewsZoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.
    The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844​Read More

  • Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff

    Webinar: How Smart MSSPs Using AI to Boost Margins with Half the Staff

    The Hacker NewsEvery managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding “CISO-level protection” at SMB budgets.
    The truth? Most MSSPs are running harder, not smarter. And it’s breaking their margins. That’s where the quiet revolution is happening: AI isn’t just writing reports or surfacing risks — it’s rebuilding how security services are​Read More

  • Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice

    Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice

    The Hacker NewsUkrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta.
    In addition, the group’s alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union’s Most Wanted and INTERPOL’s Red Notice lists, authorities​Read More

  • Exposure Assessment Platforms Signal a Shift in Focus

    Exposure Assessment Platforms Signal a Shift in Focus

    The Hacker NewsGartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry’s collective “to-do list” has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to secure a modern​Read More

  • OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans

    OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans

    The Hacker NewsOpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence (AI) company expanded access to its low-cost subscription globally.
    “You need to know that your data and conversations are protected and never sold to advertisers,” OpenAI said. “And we need to keep a high bar and give​Read More

  • Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

    Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

    The Hacker NewsSecurity vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization.
    Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or​Read More