First Hackers News

Latest cybersecurity news, real attacks, and practical IOCs—made simple and actionable.

Internet Security

Node.js systeminformation Package Enables RCE Attacks Vulnerability-Management-in-Projekten

Vulnerability-Management-in-Projekten

Node.js systeminformation Package Enables RCE Attacks

FHN December 25, 2024

A critical command injection vulnerability in the systeminformation npm package, CVE-2024-56334, exposes millions of systems to RCE...

Malicious Amazon Appstore apps record screens and intercept OTPs 1734719742629

1734719742629

Malicious Amazon Appstore apps record screens and intercept OTPs

FHN December 23, 2024

The “BMI CalculationVsn” app on the Amazon App Store secretly collects sensitive data, like app package names...

BADBOX botnet hacked 74,000 Android devices with remote codes android-malware

android-malware

BADBOX botnet hacked 74,000 Android devices with remote codes

FHN December 19, 2024

BADBOX is a cybercriminal operation that infects Android devices, like TV boxes and smartphones, with malware before...

Malicious supply chain attacks shift from npm to VSCode Marketplace SeroXen-RAT-Delivered-via-Malicious-NuGet

SeroXen-RAT-Delivered-via-Malicious-NuGet

Malicious supply chain attacks shift from npm to VSCode Marketplace

FHN December 19, 2024

Researchers have observed a rise in malicious activity on the VSCode Marketplace, exposing its vulnerability to supply...

Careto: A Notorious Threat Group Targets Windows with Microphone Recording and File Theft Windows-Alert-2

Windows-Alert-2

Careto: A Notorious Threat Group Targets Windows with Microphone Recording and File Theft

FHN December 18, 2024

Recent research links The Mask group to a 2022 attack on a Latin American organization, exploiting an...