repository | Breaking Cybersecurity News | The Hacker News

Jailbreakers Beware! Some shady tweaks that you installed on their jailbroken devices are looking to steal your iCloud login credentials, a report said. The iCloud account details, including email addresses and passwords, of nearly 220,000 jailbreak users have been breached , an online Chinese vulnerability-reporting platform WooYun reported . WooYun is an information security platform where researchers report vulnerabilities and vendors give their feedbacks. Backdoor Privacy Attack The security breach, according to the website, was a result of ' backdoor privacy attack ' caused by the installation of a malicious jailbreak tweak. It appears that Hackers are using a variety of " built-in backdoors " that could be numerous of malicious jailbreak tweaks in an effort to acquire victim's iCloud account information. Once installed, these malicious tweaks transferred the iCloud login details of the jailbreak users to an unknown remote se...

The U.S. government repository of standards based vulnerability management website National Vulnerability Database (NVD) was hacked by some unknown attacker last week. The website of NVD ( https://nvd.nist.gov/index.html ) is down since Friday due to a malware infection on two web servers, discovered on Wednesday. The main page of website reads," The NIST National Vulnerability Database (NVD) has experienced an issue with its Web Services and is currently not available. We are working to restore service as quickly as possible. We will provide updates as soon as new information is available ." According to a post available on Google+ by Kim Halavakoski , who contacted NIST Public Inquiries Office to know about the issue," On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was ...

Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people don't know is that browser extensions' excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025 , This report is the first and only report to merge public extension marketplace statistics with real-world enterprise usage telemetry. By doing so, it sheds light on one of the most underestimated threat surfaces in modern cybersecurity: browser extensions. The report reveals several findings that IT and security leaders will find interesting, as they build their plans for H2 2025. This includes information and analysis on how many extensions have risky permissions, which kinds of permissions are given, if extension developers are to be trusted, and more. Below, we bring key statistics from the report. Highlights from the Enterprise Browse...