Skip to content
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production Node.js app” that, if successfully exploited, could trigger a denial-of-service (DoS) condition. “Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come toRead More »Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear orRead More »PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

Patch Tuesday, January 2026 Edition

Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January’s Microsoft zero-day flaw — CVE-2026-20805Read More »Patch Tuesday, January 2026 Edition

CrowdStrike to Acquire Browser Security Firm Seraphic for $420 Million

News of the move to acquire Seraphic comes less than a week after CrowdStrike announced an agreement to acquire identity security startup SGNL for $740 million. The post CrowdStrike to Acquire Browser Security Firm Seraphic for $420 Million appeared first on SecurityWeek.

Adobe Patches Critical Apache Tika Bug in ColdFusion

Adobe has released patches for 25 vulnerabilities across its products, including a critical Apache Tika flaw in ColdFusion. The post Adobe Patches Critical Apache Tika Bug in ColdFusion appeared first on SecurityWeek.

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. “Enterprise organizations that are clients of these payment providers are the most likely to be impacted,” SilentRead More »Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform. The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), hasRead More »Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

GoBruteforcer Botnet Targeting Crypto, Blockchain Projects

The botnet’s propagation is fueled by the AI-generated server deployments that use weak credentials, and legacy web stacks. The post GoBruteforcer Botnet Targeting Crypto, Blockchain Projects appeared first on SecurityWeek.

After Goldman, JPMorgan Discloses Law Firm Data Breach

The law firm Fried Frank seems to be informing high-profile clients about a recent data security incident.  The post After Goldman, JPMorgan Discloses Law Firm Data Breach appeared first on SecurityWeek.

Copyright © 2026 infosecintel.net