Hack Reports - Latest Cybersecurity News, Trends & Updates

Sign in Subscribe

Vulnerability Exploits

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

A high-severity security flaw, tracked as CVE-2024-43405, has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner. This vulnerability allows attackers to bypass signature checks and potentially execute malicious code13. Key Highlights: * Vulnerability Description: The vulnerability stems from a discrepancy between how the signature verification process and

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

The latest news on the LDAP vulnerability PoC exploit, specifically CVE-2024-49112, involves a critical remote code execution (RCE) flaw in Windows Lightweight Directory Access Protocol (LDAP) clients. Here are the key details: CVE-2024-49112 Overview Vulnerability Description: CVE-2024-49112 is a critical vulnerability in Windows LDAP clients that allows remote code execution.

New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

Latest News on DoubleClickjacking Vulnerability 2025 DoubleClickjacking is a sophisticated form of the traditional clickjacking attack that exploits unsuspecting users with a two-click sequence, bypassing existing defenses and leaving websites and user accounts vulnerable to takeover1. How DoubleClickjacking Works 1. Initial Setup: * An attacker designs a malicious website featuring an

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Latest News on Azure Airflow Kubernetes RBAC Vulnerabilities, Data Exfiltration through Azure Misconfigurations, and Apache Airflow Security Weaknesses 2025 Azure Airflow Kubernetes RBAC Vulnerabilities Dirty DAG Vulnerabilities in Azure Data Factory's Apache Airflow Integration: * Vulnerabilities: Security researchers have identified new vulnerabilities in Azure Data Factory's integration

On the sixth day of Christmas, an X account gave to me: a fake 7-Zip ACE - The Record from Recorded Future News

On the sixth day of Christmas, an X account gave to me: a fake 7-Zip ACE - The Record from Recorded Future News

The latest news on the 7-Zip zero-day exploit in December 2024 involves a critical vulnerability that has been publicly disclosed. Here are the key points: 1. Vulnerability Disclosure: * A zero-day (0day) vulnerability in 7-Zip, a widely-used file archiving tool, has been disclosed by an individual using the alias "NSA_

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

Latest News on Chrome Extensions Hacked and Browser Extension Security Vulnerabilities Key Highlights: 1. Compromised Chrome Extensions: * At least five Chrome extensions were compromised in a coordinated attack, with malicious actors injecting code designed to steal users' data14. 2. Affected Extensions: * The compromised extensions include Internxt VPN, ParrotTalks, Uvoice,

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

The latest news on the Four-Faith router exploit CVE-2024-12856, an OS command injection vulnerability, is as follows: CVE-2024-12856 Exploitation: * Vulnerability Details: VulnCheck has discovered that a new vulnerability affecting Four-Faith industrial routers has been exploited in the wild. The vulnerability, tracked as CVE-2024-12856, is an OS command injection flaw15. * Severity: