menu
Feed The Dev

Security

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious ker...
2025-01-14 22:23
local_offer
News Security
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasin...
2025-01-14 22:08
local_offer
News Security
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of th...
2025-01-14 15:38
local_offer
News Security
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. Th...
2025-01-14 14:59
local_offer
News Security
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces o...
2025-01-14 14:43
local_offer
News Security
Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces o...
2025-01-14 14:43
local_offer
News Security
Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work o...
2025-01-14 14:40
local_offer
News Security
Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work o...
2025-01-14 14:40
local_offer
News Security
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing e...
2025-01-14 08:51
local_offer
News Security
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding...
2025-01-13 19:03
local_offer
News Security
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’...
2025-01-13 17:35
local_offer
News Security
Ransomware on ESXi: The mechanization of virtualized attacks
In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational an...
2025-01-13 17:00
local_offer
News Security
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "Thi...
2025-01-13 12:10
local_offer
News Security
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off t...
2025-01-13 11:31
local_offer
News Security
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) ser...
2025-01-11 13:24
local_offer
News Security
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were a...
2025-01-11 12:15
local_offer
News Security
Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs
Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs). While reporting is seen as a requirement f...
2025-01-10 17:29
local_offer
News Security
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combin...
2025-01-10 17:28
local_offer
News Security
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sec...
2025-01-10 15:52
local_offer
News Security
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects S...
2025-01-10 15:17
local_offer
News Security

About Feed The Dev

Feed The Dev is a simple news aggragator for developers created by Alex Seifert. It collects news from various sources and displays them in one place.

Find out more on the about page.

Add a Feed

If there is a news source that you would like to see on Feed The Dev, please see this Github repository for instructions.

Popular Tags

News Operating Systems Microsoft Windows Open Source Apple iOS macOS iPad iPhone Mac Hardware

Support Feed The Dev

If you enjoy using Feed The Dev, please consider a donation to help keep the site running and the content coming!

Feed The Dev