Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...
Moneylife

CBSE's Digital Exam Portal Had a Master Password That Could Unlock Any Examiner's Account — and the Board Knew for 3 Months before Going Public

A 19-year-old cybersecurity enthusiast has raised serious questions about the safety of the Central Board of Secondary ...

Did 19-year-old Nisarga Adhikary hack CBSE OSM portal? Claims, counterclaims explained

Nisarga Adhikary claimed he had hacked the CBSE website and identified serious lapses in the agency's On Screen Marking (OSM) ...
Oneindia

‘Weak Defences’: Class 12 Ethical Hacker Claims It Took Only A Few Minutes To Hack CBSE OSM System

An independent researcher highlights potential security weaknesses in the CBSE On-Screen Marking portal, raising questions ...

'Anyone could edit marks': 19-year-old ethical hacker alleges major security flaws in CBSE evaluation system

Amid mounting student complaints over CBSE’s new On-Screen Marking system, a Class 12 student and cybersecurity researcher ...
India Today

Nisarga Adhikary, 19, claims he hacked CBSE marking portal, warned board earlier

A teen cybersecurity researcher’s blog post alleging serious flaws in CBSE’s On-Screen Marking portal has triggered concern online after entrepreneur Deedy Das amplified the issue on X. The researcher ...
Bleeping Computer

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Despite an international law enforcement operation ...

Hackers deface school login pages after claiming another Instructure hack

The cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure customer schools with an extortion message.
Android

A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming

A security researcher decompiled the White House’s new official app and found some alarming stuff buried in the code, including a hidden GPS tracking pipeline, JavaScript loaded from a random GitHub ...