#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Code Injection | Breaking Cybersecurity News | The Hacker News

Category — Code Injection
Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks

Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks

Feb 07, 2025 Cloud Security / Web Security
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. It also noted that it has identified over 3,000 publicly disclosed keys that could be used for these types of attacks, which it's calling ViewState code injection attacks . "Whereas many previously known ViewState code injection attacks used compromised or stolen keys that are often sold on dark web forums, these publicly disclosed keys could pose a higher risk because they are available in multiple code repositories and could have been pushed into development code without modificat...
Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Malicious npm Packages Found Using Image Files to Hide Backdoor Code

Jul 16, 2024 Open Source / Software Supply Chain
Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team. "They contained sophisticated command and control functionality hidden in image files that would be executed during package installation," software supply chain security firm Phylum said in an analysis. The packages are designed to impersonate a legitimate npm library called aws-s3-object-multipart-copy , but come with an altered version of the "index.js" file to execute a JavaScript file ("loadformat.js"). For its part, the JavaScript file is designed to process three images -- that feature the corporate logos for Intel, Microsoft, and AMD -- with the image corres...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Jul 11, 2024 Software Security / Threat Intelligence
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply chain security firm ReversingLabs said. The attackers pivoted from using NuGet's MSBuild integrations to "a strategy that uses simple, obfuscated downloaders that are inserted into legitimate PE binary files using Intermediary Language (IL) Weaving, a .NET programming technique for modifying an application's code after compilation," security researcher Karlo Zanki said . The end goal of the counterfeit packages, both old and new, is to deliver an off-the-shelf remote access trojan called SeroXen RAT . All the identified packages have since been taken down. The latest coll...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

Jul 01, 2024 Supply Chain / Software Security
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and macOS applications," E.V.A Information Security researchers Reef Spektor and Eran Vaknin said in a report published today. The Israeli application security firm said the three issues have since been patched by CocoaPods as of October 2023. The project maintainers also reset all user sessions at the time in response to the disclosures. One of the vulnerabilities is CVE-2024-38368 (CVSS score: 9.3), which makes it possible for an attacker to abuse the " Claim Your Pods " process and take control of a package, effectively allowing them to tamper with the source code and int...
MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

Jan 22, 2024 Software Security / Supply Chain
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed," Oversecured  said  in an analysis published last week. Successful exploitation of these shortcomings could allow nefarious actors to hijack artifacts in dependencies and inject malicious code into the application, and worse, even compromise the build process through a malicious plugin. The mobile security firm added that all Maven-based technologies, including Gradle, are vulnerable to the attack, and that it sent reports to more than 200 companies, including Google, Facebook, Signal, Amazon, and others. Apache Maven is  chiefly used  for building and managing Java-bas...
TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Jan 18, 2024 Supply Chain Attacks / AI Security
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source  TensorFlow  machine learning framework could have been exploited to orchestrate  supply chain attacks . The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of TensorFlow releases on GitHub and PyPi by compromising TensorFlow's build agents via a malicious pull request," Praetorian researchers Adnan Khan and John Stawinski  said  in a report published this week. Successful exploitation of these issues could permit an external attacker to upload malicious releases to the GitHub repository, gain remote code execution on the self-hosted GitHub runner, and even retrieve a GitHub Personal Access Token (PAT) for the  tensorflow-jenkins user . TensorFlow uses GitHub Actions to automate the software build, test, and deployment pipeline. Runners, which refer to machines that execute jobs in a GitHub Actions workflow, can ...
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

Jan 15, 2024 Vulnerability / Browser Security
Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called  My Flow  that makes it possible to sync messages and files between mobile and desktop devices. "This is achieved through a controlled browser extension, effectively bypassing the browser's sandbox and the entire browser process," the company  said  in a statement shared with The Hacker News. The issue impacts both the Opera browser and Opera GX. Following responsible disclosure on November 17, 2023, it was addressed as part of  updates  shipped on November 22, 2023. My Flow features a chat-like interface to exchange notes and files, the latter of which can be opened via a web interfa...
Expert Insights / Articles Videos
Cybersecurity Resources