Latest Hacking News

Check Point VPN Authentication Bypass (CVE-2026-50751): Client-Controlled IKEv1 Auth Flipped by Ransomware Affiliate

The root cause sits in how Check Point gateways process the VPNExtFeatures Vendor ID payload during IKEv1 key exchange. As watchTowr Labs discovered, the gateway reads four trailing bytes from this ...

Gordon thought World Cup chance 'would pass me by'

Scotland veteran Craig Gordon admits he thought he had missed his chance to play at a World Cup finals. Now 43, the ...

CBSE test website had 'master password' that could be used to tamper marks, claims 'hacker' Nisarga Adhikary

CBSE has denied that the actual evaluation portal was compromised, saying the vulnerabilities highlighted by the teenager related only to a “testing site”.
The Financial Express

‘CBSE portal very easy to exploit’: Class 12 hacker says he ‘didn’t expect amateur vulnerabilities’ | Exclusive

Just before appearing for his own Class 12 board exams, teenager and cybersecurity hobbyist Nisarga Adhikary claims he uncovered major vulnerabilities in a portal linked to CBSE’s digital evaluation ...

CBSE Cybersecurity Put To The Test: 19-Year-Old Ethical Hacker Flags 'OSM Portal Flaws', Board Rejects Claims

CBSE says that a URL mentioned in social media posts on the 'hacking' incident was only a testing platform containing sample data and not the portal used for actual assessment work ...

CBSE OSM Portal Had Critical Vulnerabilities, Ethical Hacker Tells NDTV

Adhikari claimed that by combining these flaws, an attacker could potentially take over examiner accounts, view assigned answer scripts, modify marks, and interfere with the evaluation process.
The Hacker News

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet ...
TechRadar

Fake VPN checker tool lets hackers bypass antivirus protections

Attackers use fake Fortinet dialogs and social engineering to trick users into executing malware Cache smuggling hides malware in browser cache, bypassing download and PowerShell detection tools ...
Security Boulevard

Roll your own bot detection: fingerprinting/JavaScript (part 1)

This is the first article in a two-part series where we show how to build your own anti-bot system to protect a login endpoint, without relying on third-party services. Many bot detection solutions, ...
TechRadar

Hackers are sneaking malware into SVG images to bypass antivirus - here's what we know

Hackers use malicious SVG files to mimic Colombia’s judicial system Victims download fake ZIPs that install malware via a renamed browser and DLL Over 500 files found; likely spread through phishing, ...
The Hacker News

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, ...